@pensar/apex 2.1.2-canary.b00d36c6 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/{agent-nfshsy6s.js → agent-737mxp3v.js} +7 -7
- package/build/agent-8w9h3tnw.js +19 -0
- package/build/{agent-3n3mpmyd.js → agent-vdrtakz4.js} +9 -9
- package/build/{apps-4wfaw0jf.js → apps-j0bwey0w.js} +15 -15
- package/build/{auth-8rhy8fv5.js → auth-5stxpmga.js} +15 -15
- package/build/authentication-qswvctj4.js +19 -0
- package/build/blackboxAgent-vwm9t3h4.js +19 -0
- package/build/{blackboxPentest-mep90kjs.js → blackboxPentest-2edr9rj3.js} +13 -13
- package/build/{cli-j0pkr8fx.js → cli-0gk2x2sc.js} +3 -3
- package/build/{cli-jrgg8mm7.js → cli-35czfv00.js} +408 -454
- package/build/{cli-4wevw3pw.js → cli-6vs0mtsb.js} +2 -2
- package/build/{cli-p1607qpm.js → cli-6wwpk9d9.js} +1 -1
- package/build/{cli-73dd5xbw.js → cli-9vzc18m5.js} +7 -7
- package/build/{cli-h9ckbgyv.js → cli-9z6vwf30.js} +1 -1
- package/build/{cli-7hhh581w.js → cli-dqkdnd3c.js} +4 -4
- package/build/{cli-cv6ksx11.js → cli-gbkj2has.js} +2 -2
- package/build/{cli-2tg2kjh8.js → cli-hj3t87r2.js} +1 -1
- package/build/{cli-61k5qfet.js → cli-jd0c0b91.js} +1 -1
- package/build/{cli-mfrgq3wf.js → cli-ks60cc3h.js} +1 -1
- package/build/{cli-1wvq8fmx.js → cli-tw3fe8bj.js} +1 -1
- package/build/{cli-f11c6hrv.js → cli-v1aqbv58.js} +4 -4
- package/build/{cli-v695pmmv.js → cli-whtdyc0e.js} +3 -3
- package/build/{cli-wb9e1cm9.js → cli-xnnkeg5p.js} +1 -1
- package/build/{cli-jk8q7k35.js → cli-yjbkaqvy.js} +7 -17
- package/build/cli.js +33 -33
- package/build/{config-da16q9zt.js → config-s5ryv5ez.js} +3 -3
- package/build/{doctor-5qk6rmjv.js → doctor-f08gegwc.js} +6 -6
- package/build/{fixes-p4xaphrv.js → fixes-qf4s92z2.js} +15 -15
- package/build/{index-xf9cpaaf.js → index-5h1hjhzw.js} +9 -9
- package/build/{index-sazk2djd.js → index-c6qz0gve.js} +6 -6
- package/build/{index-73zr7jyp.js → index-exvkbve0.js} +4 -4
- package/build/{index-r9844238.js → index-gakk2t5q.js} +17 -17
- package/build/{index-n0ej2712.js → index-s8gw83d6.js} +8 -8
- package/build/{index-bm9e2zg1.js → index-sqjve2bm.js} +2 -2
- package/build/{index-c7x5j9c6.js → index-x4xefngs.js} +3 -3
- package/build/{issues-btekj8p2.js → issues-5anqrh2j.js} +15 -15
- package/build/{logs-q7zna00s.js → logs-q6ankt6m.js} +15 -15
- package/build/{offesecAgent-ys3zdgqw.js → offesecAgent-hsej0pfc.js} +8 -8
- package/build/pentest-1e30q7rs.js +28 -0
- package/build/{pentests-rs82gahj.js → pentests-hyx3c3qa.js} +15 -15
- package/build/{targetedPentest-an4qdy5q.js → targetedPentest-ws0a7frk.js} +9 -9
- package/build/{targets-w9c68qqt.js → targets-9cqrshet.js} +15 -15
- package/build/threatModel-z9b213x8.js +26 -0
- package/build/{uninstall-ww1w0cy3.js → uninstall-1j469qj7.js} +1 -1
- package/build/{upload-z6xb3eda.js → upload-ymvhkyq5.js} +6 -6
- package/build/{utils-9cvvh20b.js → utils-d1ed6jzf.js} +5 -5
- package/package.json +1 -1
- package/build/agent-s4vkqxtr.js +0 -19
- package/build/authentication-69dgp6ec.js +0 -19
- package/build/blackboxAgent-458t65hq.js +0 -19
- package/build/pentest-pc1098c0.js +0 -28
- package/build/threatModel-0ns4663v.js +0 -26
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import {
|
|
2
2
|
detectOSAndEnhancePrompt
|
|
3
|
-
} from "./cli-
|
|
3
|
+
} from "./cli-6wwpk9d9.js";
|
|
4
4
|
import {
|
|
5
5
|
parseTargetUrl
|
|
6
6
|
} from "./cli-c8131c4q.js";
|
|
@@ -26,14 +26,14 @@ import {
|
|
|
26
26
|
scopedLogger,
|
|
27
27
|
streamResponse,
|
|
28
28
|
write
|
|
29
|
-
} from "./cli-
|
|
29
|
+
} from "./cli-v1aqbv58.js";
|
|
30
30
|
import {
|
|
31
31
|
ensureValidToken,
|
|
32
32
|
getPensarApiUrl,
|
|
33
33
|
init_auth,
|
|
34
34
|
init_constants,
|
|
35
35
|
signGatewayRequest
|
|
36
|
-
} from "./cli-
|
|
36
|
+
} from "./cli-hj3t87r2.js";
|
|
37
37
|
import {
|
|
38
38
|
exports_external,
|
|
39
39
|
init_zod,
|
|
@@ -43,7 +43,7 @@ import {
|
|
|
43
43
|
import {
|
|
44
44
|
config,
|
|
45
45
|
init_config
|
|
46
|
-
} from "./cli-
|
|
46
|
+
} from "./cli-9z6vwf30.js";
|
|
47
47
|
import {
|
|
48
48
|
__commonJS,
|
|
49
49
|
__export,
|
|
@@ -42466,8 +42466,8 @@ var require_core3 = __commonJS((exports) => {
|
|
|
42466
42466
|
function many1(p) {
|
|
42467
42467
|
return ab(p, many(p), (head, tail) => [head, ...tail]);
|
|
42468
42468
|
}
|
|
42469
|
-
function ab(pa, pb,
|
|
42470
|
-
return (data, i) => mapOuter(pa(data, i), (ma) => mapInner(pb(data, ma.position), (vb, j) =>
|
|
42469
|
+
function ab(pa, pb, join14) {
|
|
42470
|
+
return (data, i) => mapOuter(pa(data, i), (ma) => mapInner(pb(data, ma.position), (vb, j) => join14(ma.value, vb, data, i, j)));
|
|
42471
42471
|
}
|
|
42472
42472
|
function left(pa, pb) {
|
|
42473
42473
|
return ab(pa, pb, (va) => va);
|
|
@@ -42475,8 +42475,8 @@ var require_core3 = __commonJS((exports) => {
|
|
|
42475
42475
|
function right(pa, pb) {
|
|
42476
42476
|
return ab(pa, pb, (va, vb) => vb);
|
|
42477
42477
|
}
|
|
42478
|
-
function abc(pa, pb, pc,
|
|
42479
|
-
return (data, i) => mapOuter(pa(data, i), (ma) => mapOuter(pb(data, ma.position), (mb) => mapInner(pc(data, mb.position), (vc, j) =>
|
|
42478
|
+
function abc(pa, pb, pc, join14) {
|
|
42479
|
+
return (data, i) => mapOuter(pa(data, i), (ma) => mapOuter(pb(data, ma.position), (mb) => mapInner(pc(data, mb.position), (vc, j) => join14(ma.value, mb.value, vc, data, i, j))));
|
|
42480
42480
|
}
|
|
42481
42481
|
function middle(pa, pb, pc) {
|
|
42482
42482
|
return abc(pa, pb, pc, (ra, rb) => rb);
|
|
@@ -46221,10 +46221,10 @@ var require_helpers = __commonJS((exports) => {
|
|
|
46221
46221
|
return !arr.includes(node, i + 1);
|
|
46222
46222
|
});
|
|
46223
46223
|
nodes.sort(function(a, b) {
|
|
46224
|
-
var
|
|
46225
|
-
if (
|
|
46224
|
+
var relative = compareDocumentPosition(a, b);
|
|
46225
|
+
if (relative & DocumentPosition.PRECEDING) {
|
|
46226
46226
|
return -1;
|
|
46227
|
-
} else if (
|
|
46227
|
+
} else if (relative & DocumentPosition.FOLLOWING) {
|
|
46228
46228
|
return 1;
|
|
46229
46229
|
}
|
|
46230
46230
|
return 0;
|
|
@@ -50952,8 +50952,8 @@ var require_simple_parser = __commonJS((exports, module) => {
|
|
|
50952
50952
|
}
|
|
50953
50953
|
let promise2;
|
|
50954
50954
|
if (!callback) {
|
|
50955
|
-
promise2 = new Promise((
|
|
50956
|
-
callback = callbackPromise(
|
|
50955
|
+
promise2 = new Promise((resolve2, reject) => {
|
|
50956
|
+
callback = callbackPromise(resolve2, reject);
|
|
50957
50957
|
});
|
|
50958
50958
|
}
|
|
50959
50959
|
options = options || {};
|
|
@@ -51039,13 +51039,13 @@ var require_simple_parser = __commonJS((exports, module) => {
|
|
|
51039
51039
|
}
|
|
51040
51040
|
return promise2;
|
|
51041
51041
|
};
|
|
51042
|
-
function callbackPromise(
|
|
51042
|
+
function callbackPromise(resolve2, reject) {
|
|
51043
51043
|
return function(...args) {
|
|
51044
51044
|
let err = args.shift();
|
|
51045
51045
|
if (err) {
|
|
51046
51046
|
reject(err);
|
|
51047
51047
|
} else {
|
|
51048
|
-
|
|
51048
|
+
resolve2(...args);
|
|
51049
51049
|
}
|
|
51050
51050
|
};
|
|
51051
51051
|
}
|
|
@@ -51474,8 +51474,8 @@ var require_retry = __commonJS((exports) => {
|
|
|
51474
51474
|
}
|
|
51475
51475
|
const delay = getNextRetryDelay(config3);
|
|
51476
51476
|
err.config.retryConfig.currentRetryAttempt += 1;
|
|
51477
|
-
const backoff = config3.retryBackoff ? config3.retryBackoff(err, delay) : new Promise((
|
|
51478
|
-
setTimeout(
|
|
51477
|
+
const backoff = config3.retryBackoff ? config3.retryBackoff(err, delay) : new Promise((resolve2) => {
|
|
51478
|
+
setTimeout(resolve2, delay);
|
|
51479
51479
|
});
|
|
51480
51480
|
if (config3.onRetryAttempt) {
|
|
51481
51481
|
await config3.onRetryAttempt(err);
|
|
@@ -57091,7 +57091,7 @@ var require_jwtaccess = __commonJS((exports) => {
|
|
|
57091
57091
|
}
|
|
57092
57092
|
}
|
|
57093
57093
|
fromStreamAsync(inputStream) {
|
|
57094
|
-
return new Promise((
|
|
57094
|
+
return new Promise((resolve2, reject) => {
|
|
57095
57095
|
if (!inputStream) {
|
|
57096
57096
|
reject(new Error("Must pass in a stream containing the service account auth settings."));
|
|
57097
57097
|
}
|
|
@@ -57100,7 +57100,7 @@ var require_jwtaccess = __commonJS((exports) => {
|
|
|
57100
57100
|
try {
|
|
57101
57101
|
const data = JSON.parse(s);
|
|
57102
57102
|
this.fromJSON(data);
|
|
57103
|
-
|
|
57103
|
+
resolve2();
|
|
57104
57104
|
} catch (err) {
|
|
57105
57105
|
reject(err);
|
|
57106
57106
|
}
|
|
@@ -57287,7 +57287,7 @@ var require_jwtclient = __commonJS((exports) => {
|
|
|
57287
57287
|
}
|
|
57288
57288
|
}
|
|
57289
57289
|
fromStreamAsync(inputStream) {
|
|
57290
|
-
return new Promise((
|
|
57290
|
+
return new Promise((resolve2, reject) => {
|
|
57291
57291
|
if (!inputStream) {
|
|
57292
57292
|
throw new Error("Must pass in a stream containing the service account auth settings.");
|
|
57293
57293
|
}
|
|
@@ -57296,7 +57296,7 @@ var require_jwtclient = __commonJS((exports) => {
|
|
|
57296
57296
|
try {
|
|
57297
57297
|
const data = JSON.parse(s);
|
|
57298
57298
|
this.fromJSON(data);
|
|
57299
|
-
|
|
57299
|
+
resolve2();
|
|
57300
57300
|
} catch (e) {
|
|
57301
57301
|
reject(e);
|
|
57302
57302
|
}
|
|
@@ -57397,7 +57397,7 @@ var require_refreshclient = __commonJS((exports) => {
|
|
|
57397
57397
|
}
|
|
57398
57398
|
}
|
|
57399
57399
|
async fromStreamAsync(inputStream) {
|
|
57400
|
-
return new Promise((
|
|
57400
|
+
return new Promise((resolve2, reject) => {
|
|
57401
57401
|
if (!inputStream) {
|
|
57402
57402
|
return reject(new Error("Must pass in a stream containing the user refresh token."));
|
|
57403
57403
|
}
|
|
@@ -57406,7 +57406,7 @@ var require_refreshclient = __commonJS((exports) => {
|
|
|
57406
57406
|
try {
|
|
57407
57407
|
const data = JSON.parse(s);
|
|
57408
57408
|
this.fromJSON(data);
|
|
57409
|
-
return
|
|
57409
|
+
return resolve2();
|
|
57410
57410
|
} catch (err) {
|
|
57411
57411
|
return reject(err);
|
|
57412
57412
|
}
|
|
@@ -58770,7 +58770,7 @@ var require_pluggable_auth_handler = __commonJS((exports) => {
|
|
|
58770
58770
|
this.outputFile = options.outputFile;
|
|
58771
58771
|
}
|
|
58772
58772
|
retrieveResponseFromExecutable(envMap) {
|
|
58773
|
-
return new Promise((
|
|
58773
|
+
return new Promise((resolve2, reject) => {
|
|
58774
58774
|
const child = childProcess.spawn(this.commandComponents[0], this.commandComponents.slice(1), {
|
|
58775
58775
|
env: { ...process.env, ...Object.fromEntries(envMap) }
|
|
58776
58776
|
});
|
|
@@ -58792,7 +58792,7 @@ var require_pluggable_auth_handler = __commonJS((exports) => {
|
|
|
58792
58792
|
try {
|
|
58793
58793
|
const responseJson = JSON.parse(output);
|
|
58794
58794
|
const response = new executable_response_1.ExecutableResponse(responseJson);
|
|
58795
|
-
return
|
|
58795
|
+
return resolve2(response);
|
|
58796
58796
|
} catch (error2) {
|
|
58797
58797
|
if (error2 instanceof executable_response_1.ExecutableResponseError) {
|
|
58798
58798
|
return reject(error2);
|
|
@@ -59444,7 +59444,7 @@ var require_googleauth = __commonJS((exports) => {
|
|
|
59444
59444
|
}
|
|
59445
59445
|
}
|
|
59446
59446
|
fromStreamAsync(inputStream, options) {
|
|
59447
|
-
return new Promise((
|
|
59447
|
+
return new Promise((resolve2, reject) => {
|
|
59448
59448
|
if (!inputStream) {
|
|
59449
59449
|
throw new Error("Must pass in a stream containing the Google auth settings.");
|
|
59450
59450
|
}
|
|
@@ -59454,7 +59454,7 @@ var require_googleauth = __commonJS((exports) => {
|
|
|
59454
59454
|
try {
|
|
59455
59455
|
const data = JSON.parse(chunks.join(""));
|
|
59456
59456
|
const r = this._cacheClientFromJSON(data, options);
|
|
59457
|
-
return
|
|
59457
|
+
return resolve2(r);
|
|
59458
59458
|
} catch (err) {
|
|
59459
59459
|
if (!this.keyFilename)
|
|
59460
59460
|
throw err;
|
|
@@ -59464,7 +59464,7 @@ var require_googleauth = __commonJS((exports) => {
|
|
|
59464
59464
|
});
|
|
59465
59465
|
this.cachedCredential = client;
|
|
59466
59466
|
this.setGapicJWTValues(client);
|
|
59467
|
-
return
|
|
59467
|
+
return resolve2(client);
|
|
59468
59468
|
}
|
|
59469
59469
|
} catch (err) {
|
|
59470
59470
|
return reject(err);
|
|
@@ -59485,16 +59485,16 @@ var require_googleauth = __commonJS((exports) => {
|
|
|
59485
59485
|
return false;
|
|
59486
59486
|
}
|
|
59487
59487
|
async getDefaultServiceProjectId() {
|
|
59488
|
-
return new Promise((
|
|
59488
|
+
return new Promise((resolve2) => {
|
|
59489
59489
|
(0, child_process_1.exec)("gcloud config config-helper --format json", (err, stdout) => {
|
|
59490
59490
|
if (!err && stdout) {
|
|
59491
59491
|
try {
|
|
59492
59492
|
const projectId = JSON.parse(stdout).configuration.properties.core.project;
|
|
59493
|
-
|
|
59493
|
+
resolve2(projectId);
|
|
59494
59494
|
return;
|
|
59495
59495
|
} catch (e) {}
|
|
59496
59496
|
}
|
|
59497
|
-
|
|
59497
|
+
resolve2(null);
|
|
59498
59498
|
});
|
|
59499
59499
|
});
|
|
59500
59500
|
}
|
|
@@ -62473,7 +62473,7 @@ var require_http2 = __commonJS((exports) => {
|
|
|
62473
62473
|
const chunks = [];
|
|
62474
62474
|
const session = sessionData.session;
|
|
62475
62475
|
let req;
|
|
62476
|
-
return new Promise((
|
|
62476
|
+
return new Promise((resolve2, reject) => {
|
|
62477
62477
|
try {
|
|
62478
62478
|
req = session.request(headers).on("response", (responseHeaders) => {
|
|
62479
62479
|
Object.assign(res, {
|
|
@@ -62486,7 +62486,7 @@ var require_http2 = __commonJS((exports) => {
|
|
|
62486
62486
|
}
|
|
62487
62487
|
if (opts.responseType === "stream") {
|
|
62488
62488
|
res.data = stream;
|
|
62489
|
-
|
|
62489
|
+
resolve2(res);
|
|
62490
62490
|
return;
|
|
62491
62491
|
}
|
|
62492
62492
|
stream.on("data", (d) => {
|
|
@@ -62520,7 +62520,7 @@ var require_http2 = __commonJS((exports) => {
|
|
|
62520
62520
|
}
|
|
62521
62521
|
reject(new Error(message, { cause: res }));
|
|
62522
62522
|
}
|
|
62523
|
-
|
|
62523
|
+
resolve2(res);
|
|
62524
62524
|
return;
|
|
62525
62525
|
});
|
|
62526
62526
|
}).on("error", (e) => {
|
|
@@ -63062,7 +63062,7 @@ var require_discovery = __commonJS((exports) => {
|
|
|
63062
63062
|
exports.Discovery = undefined;
|
|
63063
63063
|
var fs = __require("fs");
|
|
63064
63064
|
var gaxios_1 = require_src3();
|
|
63065
|
-
var
|
|
63065
|
+
var resolve2 = __require("url");
|
|
63066
63066
|
var util = __require("util");
|
|
63067
63067
|
var apirequest_1 = require_apirequest();
|
|
63068
63068
|
var endpoint_1 = require_endpoint();
|
|
@@ -63128,7 +63128,7 @@ var require_discovery = __commonJS((exports) => {
|
|
|
63128
63128
|
}
|
|
63129
63129
|
async discoverAPI(apiDiscoveryUrl) {
|
|
63130
63130
|
if (typeof apiDiscoveryUrl === "string") {
|
|
63131
|
-
const parts =
|
|
63131
|
+
const parts = resolve2.parse(apiDiscoveryUrl);
|
|
63132
63132
|
if (apiDiscoveryUrl && !parts.protocol) {
|
|
63133
63133
|
this.log("Reading from file " + apiDiscoveryUrl);
|
|
63134
63134
|
const file = await readFile(apiDiscoveryUrl, { encoding: "utf8" });
|
|
@@ -66001,12 +66001,12 @@ var require_BatchRequestContent = __commonJS((exports) => {
|
|
|
66001
66001
|
case 6:
|
|
66002
66002
|
blob_1 = _a.sent();
|
|
66003
66003
|
reader_1 = new FileReader;
|
|
66004
|
-
return [4, new Promise(function(
|
|
66004
|
+
return [4, new Promise(function(resolve2) {
|
|
66005
66005
|
reader_1.addEventListener("load", function() {
|
|
66006
66006
|
var dataURL = reader_1.result;
|
|
66007
66007
|
var regex = new RegExp("^s*data:(.+?/.+?(;.+?=.+?)*)?(;base64)?,(.*)s*$");
|
|
66008
66008
|
var segments = regex.exec(dataURL);
|
|
66009
|
-
|
|
66009
|
+
resolve2(segments[4]);
|
|
66010
66010
|
}, false);
|
|
66011
66011
|
reader_1.readAsDataURL(blob_1);
|
|
66012
66012
|
})];
|
|
@@ -66782,8 +66782,8 @@ var require_RetryHandler = __commonJS((exports) => {
|
|
|
66782
66782
|
var delayMilliseconds;
|
|
66783
66783
|
return tslib_1.__generator(this, function(_a) {
|
|
66784
66784
|
delayMilliseconds = delaySeconds * 1000;
|
|
66785
|
-
return [2, new Promise(function(
|
|
66786
|
-
return setTimeout(
|
|
66785
|
+
return [2, new Promise(function(resolve2) {
|
|
66786
|
+
return setTimeout(resolve2, delayMilliseconds);
|
|
66787
66787
|
})];
|
|
66788
66788
|
});
|
|
66789
66789
|
});
|
|
@@ -67456,12 +67456,12 @@ var require_GraphResponseHandler = __commonJS((exports) => {
|
|
|
67456
67456
|
function GraphResponseHandler2() {}
|
|
67457
67457
|
GraphResponseHandler2.parseDocumentResponse = function(rawResponse, type) {
|
|
67458
67458
|
if (typeof DOMParser !== "undefined") {
|
|
67459
|
-
return new Promise(function(
|
|
67459
|
+
return new Promise(function(resolve2, reject) {
|
|
67460
67460
|
rawResponse.text().then(function(xmlString) {
|
|
67461
67461
|
try {
|
|
67462
67462
|
var parser = new DOMParser;
|
|
67463
67463
|
var xmlDoc = parser.parseFromString(xmlString, type);
|
|
67464
|
-
|
|
67464
|
+
resolve2(xmlDoc);
|
|
67465
67465
|
} catch (error2) {
|
|
67466
67466
|
reject(error2);
|
|
67467
67467
|
}
|
|
@@ -68135,7 +68135,7 @@ var require_StreamUpload = __commonJS((exports) => {
|
|
|
68135
68135
|
};
|
|
68136
68136
|
StreamUpload2.prototype.readNBytesFromStream = function(size) {
|
|
68137
68137
|
var _this = this;
|
|
68138
|
-
return new Promise(function(
|
|
68138
|
+
return new Promise(function(resolve2, reject) {
|
|
68139
68139
|
var chunks = [];
|
|
68140
68140
|
var remainder = size;
|
|
68141
68141
|
var length = 0;
|
|
@@ -68154,7 +68154,7 @@ var require_StreamUpload = __commonJS((exports) => {
|
|
|
68154
68154
|
}
|
|
68155
68155
|
}
|
|
68156
68156
|
if (length === size) {
|
|
68157
|
-
return
|
|
68157
|
+
return resolve2(Buffer.concat(chunks));
|
|
68158
68158
|
}
|
|
68159
68159
|
if (!_this.content || !_this.content.readable) {
|
|
68160
68160
|
return reject(new GraphClientError_1.GraphClientError("Error encountered while reading the stream during the upload"));
|
|
@@ -68289,7 +68289,7 @@ var require_CustomAuthenticationProvider = __commonJS((exports) => {
|
|
|
68289
68289
|
return tslib_1.__awaiter(this, undefined, undefined, function() {
|
|
68290
68290
|
var _this = this;
|
|
68291
68291
|
return tslib_1.__generator(this, function(_a) {
|
|
68292
|
-
return [2, new Promise(function(
|
|
68292
|
+
return [2, new Promise(function(resolve2, reject) {
|
|
68293
68293
|
_this.provider(function(error2, accessToken) {
|
|
68294
68294
|
return tslib_1.__awaiter(_this, undefined, undefined, function() {
|
|
68295
68295
|
var invalidTokenMessage, err;
|
|
@@ -68298,7 +68298,7 @@ var require_CustomAuthenticationProvider = __commonJS((exports) => {
|
|
|
68298
68298
|
case 0:
|
|
68299
68299
|
if (!accessToken)
|
|
68300
68300
|
return [3, 1];
|
|
68301
|
-
|
|
68301
|
+
resolve2(accessToken);
|
|
68302
68302
|
return [3, 3];
|
|
68303
68303
|
case 1:
|
|
68304
68304
|
if (!error2) {
|
|
@@ -71159,7 +71159,7 @@ var require_thread_stream = __commonJS((exports, module) => {
|
|
|
71159
71159
|
var { version: version2 } = require_package5();
|
|
71160
71160
|
var { EventEmitter: EventEmitter2 } = __require("events");
|
|
71161
71161
|
var { Worker } = __require("worker_threads");
|
|
71162
|
-
var { join:
|
|
71162
|
+
var { join: join14 } = __require("path");
|
|
71163
71163
|
var { pathToFileURL } = __require("url");
|
|
71164
71164
|
var { wait } = require_wait();
|
|
71165
71165
|
var {
|
|
@@ -71195,7 +71195,7 @@ var require_thread_stream = __commonJS((exports, module) => {
|
|
|
71195
71195
|
function createWorker(stream, opts) {
|
|
71196
71196
|
const { filename, workerData } = opts;
|
|
71197
71197
|
const bundlerOverrides = "__bundlerPathsOverrides" in globalThis ? globalThis.__bundlerPathsOverrides : {};
|
|
71198
|
-
const toExecute = bundlerOverrides["thread-stream-worker"] ||
|
|
71198
|
+
const toExecute = bundlerOverrides["thread-stream-worker"] || join14(__dirname, "lib", "worker.js");
|
|
71199
71199
|
const worker = new Worker(toExecute, {
|
|
71200
71200
|
...opts.workerOpts,
|
|
71201
71201
|
trackUnmanagedFds: false,
|
|
@@ -71584,7 +71584,7 @@ var require_transport = __commonJS((exports, module) => {
|
|
|
71584
71584
|
var { createRequire: createRequire3 } = __require("module");
|
|
71585
71585
|
var { existsSync: existsSync9 } = __require("node:fs");
|
|
71586
71586
|
var getCallers = require_caller();
|
|
71587
|
-
var { join:
|
|
71587
|
+
var { join: join14, isAbsolute: isAbsolute2, sep } = __require("node:path");
|
|
71588
71588
|
var { fileURLToPath } = __require("node:url");
|
|
71589
71589
|
var sleep = require_atomic_sleep();
|
|
71590
71590
|
var onExit = require_on_exit_leak_free();
|
|
@@ -71656,7 +71656,7 @@ var require_transport = __commonJS((exports, module) => {
|
|
|
71656
71656
|
return false;
|
|
71657
71657
|
}
|
|
71658
71658
|
}
|
|
71659
|
-
return
|
|
71659
|
+
return isAbsolute2(path) && !existsSync9(path);
|
|
71660
71660
|
}
|
|
71661
71661
|
function stripQuotes(value) {
|
|
71662
71662
|
const first = value[0];
|
|
@@ -71737,7 +71737,7 @@ var require_transport = __commonJS((exports, module) => {
|
|
|
71737
71737
|
throw new Error("only one of target or targets can be specified");
|
|
71738
71738
|
}
|
|
71739
71739
|
if (targets) {
|
|
71740
|
-
target = bundlerOverrides["pino-worker"] ||
|
|
71740
|
+
target = bundlerOverrides["pino-worker"] || join14(__dirname, "worker.js");
|
|
71741
71741
|
options.targets = targets.filter((dest) => dest.target).map((dest) => {
|
|
71742
71742
|
return {
|
|
71743
71743
|
...dest,
|
|
@@ -71754,7 +71754,7 @@ var require_transport = __commonJS((exports, module) => {
|
|
|
71754
71754
|
});
|
|
71755
71755
|
});
|
|
71756
71756
|
} else if (pipeline2) {
|
|
71757
|
-
target = bundlerOverrides["pino-worker"] ||
|
|
71757
|
+
target = bundlerOverrides["pino-worker"] || join14(__dirname, "worker.js");
|
|
71758
71758
|
options.pipelines = [pipeline2.map((dest) => {
|
|
71759
71759
|
return {
|
|
71760
71760
|
...dest,
|
|
@@ -71773,16 +71773,16 @@ var require_transport = __commonJS((exports, module) => {
|
|
|
71773
71773
|
return buildStream(fixTarget(target), options, worker, sync, name);
|
|
71774
71774
|
function fixTarget(origin) {
|
|
71775
71775
|
origin = bundlerOverrides[origin] || origin;
|
|
71776
|
-
if (
|
|
71776
|
+
if (isAbsolute2(origin) || origin.indexOf("file://") === 0) {
|
|
71777
71777
|
return origin;
|
|
71778
71778
|
}
|
|
71779
71779
|
if (origin === "pino/file") {
|
|
71780
|
-
return
|
|
71780
|
+
return join14(__dirname, "..", "file.js");
|
|
71781
71781
|
}
|
|
71782
71782
|
let fixTarget2;
|
|
71783
71783
|
for (const filePath of callers) {
|
|
71784
71784
|
try {
|
|
71785
|
-
const context = filePath === "node:repl" ? process.cwd() +
|
|
71785
|
+
const context = filePath === "node:repl" ? process.cwd() + sep : filePath;
|
|
71786
71786
|
fixTarget2 = createRequire3(context).resolve(origin);
|
|
71787
71787
|
break;
|
|
71788
71788
|
} catch (err) {
|
|
@@ -72706,7 +72706,7 @@ var require_safe_stable_stringify = __commonJS((exports, module) => {
|
|
|
72706
72706
|
return circularValue;
|
|
72707
72707
|
}
|
|
72708
72708
|
let res = "";
|
|
72709
|
-
let
|
|
72709
|
+
let join14 = ",";
|
|
72710
72710
|
const originalIndentation = indentation;
|
|
72711
72711
|
if (Array.isArray(value)) {
|
|
72712
72712
|
if (value.length === 0) {
|
|
@@ -72720,7 +72720,7 @@ var require_safe_stable_stringify = __commonJS((exports, module) => {
|
|
|
72720
72720
|
indentation += spacer;
|
|
72721
72721
|
res += `
|
|
72722
72722
|
${indentation}`;
|
|
72723
|
-
|
|
72723
|
+
join14 = `,
|
|
72724
72724
|
${indentation}`;
|
|
72725
72725
|
}
|
|
72726
72726
|
const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
|
|
@@ -72728,13 +72728,13 @@ ${indentation}`;
|
|
|
72728
72728
|
for (;i < maximumValuesToStringify - 1; i++) {
|
|
72729
72729
|
const tmp2 = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
|
|
72730
72730
|
res += tmp2 !== undefined ? tmp2 : "null";
|
|
72731
|
-
res +=
|
|
72731
|
+
res += join14;
|
|
72732
72732
|
}
|
|
72733
72733
|
const tmp = stringifyFnReplacer(String(i), value, stack, replacer, spacer, indentation);
|
|
72734
72734
|
res += tmp !== undefined ? tmp : "null";
|
|
72735
72735
|
if (value.length - 1 > maximumBreadth) {
|
|
72736
72736
|
const removedKeys = value.length - maximumBreadth - 1;
|
|
72737
|
-
res += `${
|
|
72737
|
+
res += `${join14}"... ${getItemCount(removedKeys)} not stringified"`;
|
|
72738
72738
|
}
|
|
72739
72739
|
if (spacer !== "") {
|
|
72740
72740
|
res += `
|
|
@@ -72755,7 +72755,7 @@ ${originalIndentation}`;
|
|
|
72755
72755
|
let separator = "";
|
|
72756
72756
|
if (spacer !== "") {
|
|
72757
72757
|
indentation += spacer;
|
|
72758
|
-
|
|
72758
|
+
join14 = `,
|
|
72759
72759
|
${indentation}`;
|
|
72760
72760
|
whitespace = " ";
|
|
72761
72761
|
}
|
|
@@ -72769,13 +72769,13 @@ ${indentation}`;
|
|
|
72769
72769
|
const tmp = stringifyFnReplacer(key2, value, stack, replacer, spacer, indentation);
|
|
72770
72770
|
if (tmp !== undefined) {
|
|
72771
72771
|
res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
|
|
72772
|
-
separator =
|
|
72772
|
+
separator = join14;
|
|
72773
72773
|
}
|
|
72774
72774
|
}
|
|
72775
72775
|
if (keyLength > maximumBreadth) {
|
|
72776
72776
|
const removedKeys = keyLength - maximumBreadth;
|
|
72777
72777
|
res += `${separator}"...":${whitespace}"${getItemCount(removedKeys)} not stringified"`;
|
|
72778
|
-
separator =
|
|
72778
|
+
separator = join14;
|
|
72779
72779
|
}
|
|
72780
72780
|
if (spacer !== "" && separator.length > 1) {
|
|
72781
72781
|
res = `
|
|
@@ -72815,7 +72815,7 @@ ${originalIndentation}`;
|
|
|
72815
72815
|
}
|
|
72816
72816
|
const originalIndentation = indentation;
|
|
72817
72817
|
let res = "";
|
|
72818
|
-
let
|
|
72818
|
+
let join14 = ",";
|
|
72819
72819
|
if (Array.isArray(value)) {
|
|
72820
72820
|
if (value.length === 0) {
|
|
72821
72821
|
return "[]";
|
|
@@ -72828,7 +72828,7 @@ ${originalIndentation}`;
|
|
|
72828
72828
|
indentation += spacer;
|
|
72829
72829
|
res += `
|
|
72830
72830
|
${indentation}`;
|
|
72831
|
-
|
|
72831
|
+
join14 = `,
|
|
72832
72832
|
${indentation}`;
|
|
72833
72833
|
}
|
|
72834
72834
|
const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
|
|
@@ -72836,13 +72836,13 @@ ${indentation}`;
|
|
|
72836
72836
|
for (;i < maximumValuesToStringify - 1; i++) {
|
|
72837
72837
|
const tmp2 = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
|
|
72838
72838
|
res += tmp2 !== undefined ? tmp2 : "null";
|
|
72839
|
-
res +=
|
|
72839
|
+
res += join14;
|
|
72840
72840
|
}
|
|
72841
72841
|
const tmp = stringifyArrayReplacer(String(i), value[i], stack, replacer, spacer, indentation);
|
|
72842
72842
|
res += tmp !== undefined ? tmp : "null";
|
|
72843
72843
|
if (value.length - 1 > maximumBreadth) {
|
|
72844
72844
|
const removedKeys = value.length - maximumBreadth - 1;
|
|
72845
|
-
res += `${
|
|
72845
|
+
res += `${join14}"... ${getItemCount(removedKeys)} not stringified"`;
|
|
72846
72846
|
}
|
|
72847
72847
|
if (spacer !== "") {
|
|
72848
72848
|
res += `
|
|
@@ -72855,7 +72855,7 @@ ${originalIndentation}`;
|
|
|
72855
72855
|
let whitespace = "";
|
|
72856
72856
|
if (spacer !== "") {
|
|
72857
72857
|
indentation += spacer;
|
|
72858
|
-
|
|
72858
|
+
join14 = `,
|
|
72859
72859
|
${indentation}`;
|
|
72860
72860
|
whitespace = " ";
|
|
72861
72861
|
}
|
|
@@ -72864,7 +72864,7 @@ ${indentation}`;
|
|
|
72864
72864
|
const tmp = stringifyArrayReplacer(key2, value[key2], stack, replacer, spacer, indentation);
|
|
72865
72865
|
if (tmp !== undefined) {
|
|
72866
72866
|
res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
|
|
72867
|
-
separator =
|
|
72867
|
+
separator = join14;
|
|
72868
72868
|
}
|
|
72869
72869
|
}
|
|
72870
72870
|
if (spacer !== "" && separator.length > 1) {
|
|
@@ -72921,20 +72921,20 @@ ${originalIndentation}`;
|
|
|
72921
72921
|
indentation += spacer;
|
|
72922
72922
|
let res2 = `
|
|
72923
72923
|
${indentation}`;
|
|
72924
|
-
const
|
|
72924
|
+
const join15 = `,
|
|
72925
72925
|
${indentation}`;
|
|
72926
72926
|
const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
|
|
72927
72927
|
let i = 0;
|
|
72928
72928
|
for (;i < maximumValuesToStringify - 1; i++) {
|
|
72929
72929
|
const tmp2 = stringifyIndent(String(i), value[i], stack, spacer, indentation);
|
|
72930
72930
|
res2 += tmp2 !== undefined ? tmp2 : "null";
|
|
72931
|
-
res2 +=
|
|
72931
|
+
res2 += join15;
|
|
72932
72932
|
}
|
|
72933
72933
|
const tmp = stringifyIndent(String(i), value[i], stack, spacer, indentation);
|
|
72934
72934
|
res2 += tmp !== undefined ? tmp : "null";
|
|
72935
72935
|
if (value.length - 1 > maximumBreadth) {
|
|
72936
72936
|
const removedKeys = value.length - maximumBreadth - 1;
|
|
72937
|
-
res2 += `${
|
|
72937
|
+
res2 += `${join15}"... ${getItemCount(removedKeys)} not stringified"`;
|
|
72938
72938
|
}
|
|
72939
72939
|
res2 += `
|
|
72940
72940
|
${originalIndentation}`;
|
|
@@ -72950,16 +72950,16 @@ ${originalIndentation}`;
|
|
|
72950
72950
|
return '"[Object]"';
|
|
72951
72951
|
}
|
|
72952
72952
|
indentation += spacer;
|
|
72953
|
-
const
|
|
72953
|
+
const join14 = `,
|
|
72954
72954
|
${indentation}`;
|
|
72955
72955
|
let res = "";
|
|
72956
72956
|
let separator = "";
|
|
72957
72957
|
let maximumPropertiesToStringify = Math.min(keyLength, maximumBreadth);
|
|
72958
72958
|
if (isTypedArrayWithEntries(value)) {
|
|
72959
|
-
res += stringifyTypedArray(value,
|
|
72959
|
+
res += stringifyTypedArray(value, join14, maximumBreadth);
|
|
72960
72960
|
keys = keys.slice(value.length);
|
|
72961
72961
|
maximumPropertiesToStringify -= value.length;
|
|
72962
|
-
separator =
|
|
72962
|
+
separator = join14;
|
|
72963
72963
|
}
|
|
72964
72964
|
if (deterministic) {
|
|
72965
72965
|
keys = sort(keys, comparator);
|
|
@@ -72970,13 +72970,13 @@ ${indentation}`;
|
|
|
72970
72970
|
const tmp = stringifyIndent(key2, value[key2], stack, spacer, indentation);
|
|
72971
72971
|
if (tmp !== undefined) {
|
|
72972
72972
|
res += `${separator}${strEscape(key2)}: ${tmp}`;
|
|
72973
|
-
separator =
|
|
72973
|
+
separator = join14;
|
|
72974
72974
|
}
|
|
72975
72975
|
}
|
|
72976
72976
|
if (keyLength > maximumBreadth) {
|
|
72977
72977
|
const removedKeys = keyLength - maximumBreadth;
|
|
72978
72978
|
res += `${separator}"...": "${getItemCount(removedKeys)} not stringified"`;
|
|
72979
|
-
separator =
|
|
72979
|
+
separator = join14;
|
|
72980
72980
|
}
|
|
72981
72981
|
if (separator !== "") {
|
|
72982
72982
|
res = `
|
|
@@ -74749,8 +74749,8 @@ var require_imap_stream = __commonJS((exports, module) => {
|
|
|
74749
74749
|
payload = payload.slice(0, end);
|
|
74750
74750
|
}
|
|
74751
74751
|
if (payload.length) {
|
|
74752
|
-
await new Promise((
|
|
74753
|
-
this.push({ payload, literals, next:
|
|
74752
|
+
await new Promise((resolve2) => {
|
|
74753
|
+
this.push({ payload, literals, next: resolve2 });
|
|
74754
74754
|
});
|
|
74755
74755
|
}
|
|
74756
74756
|
}
|
|
@@ -74787,7 +74787,7 @@ var require_imap_stream = __commonJS((exports, module) => {
|
|
|
74787
74787
|
data.next();
|
|
74788
74788
|
processedCount++;
|
|
74789
74789
|
if (processedCount % 10 === 0) {
|
|
74790
|
-
await new Promise((
|
|
74790
|
+
await new Promise((resolve2) => setImmediate(resolve2));
|
|
74791
74791
|
}
|
|
74792
74792
|
}
|
|
74793
74793
|
}
|
|
@@ -78181,11 +78181,11 @@ var require_receivebuffer = __commonJS((exports) => {
|
|
|
78181
78181
|
var require_socksclient = __commonJS((exports) => {
|
|
78182
78182
|
var __awaiter = exports && exports.__awaiter || function(thisArg, _arguments, P, generator) {
|
|
78183
78183
|
function adopt(value) {
|
|
78184
|
-
return value instanceof P ? value : new P(function(
|
|
78185
|
-
|
|
78184
|
+
return value instanceof P ? value : new P(function(resolve2) {
|
|
78185
|
+
resolve2(value);
|
|
78186
78186
|
});
|
|
78187
78187
|
}
|
|
78188
|
-
return new (P || (P = Promise))(function(
|
|
78188
|
+
return new (P || (P = Promise))(function(resolve2, reject) {
|
|
78189
78189
|
function fulfilled(value) {
|
|
78190
78190
|
try {
|
|
78191
78191
|
step(generator.next(value));
|
|
@@ -78201,7 +78201,7 @@ var require_socksclient = __commonJS((exports) => {
|
|
|
78201
78201
|
}
|
|
78202
78202
|
}
|
|
78203
78203
|
function step(result) {
|
|
78204
|
-
result.done ?
|
|
78204
|
+
result.done ? resolve2(result.value) : adopt(result.value).then(fulfilled, rejected);
|
|
78205
78205
|
}
|
|
78206
78206
|
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
78207
78207
|
});
|
|
@@ -78228,13 +78228,13 @@ var require_socksclient = __commonJS((exports) => {
|
|
|
78228
78228
|
this.setState(constants_1.SocksClientState.Created);
|
|
78229
78229
|
}
|
|
78230
78230
|
static createConnection(options, callback) {
|
|
78231
|
-
return new Promise((
|
|
78231
|
+
return new Promise((resolve2, reject) => {
|
|
78232
78232
|
try {
|
|
78233
78233
|
(0, helpers_1.validateSocksClientOptions)(options, ["connect"]);
|
|
78234
78234
|
} catch (err) {
|
|
78235
78235
|
if (typeof callback === "function") {
|
|
78236
78236
|
callback(err);
|
|
78237
|
-
return
|
|
78237
|
+
return resolve2(err);
|
|
78238
78238
|
} else {
|
|
78239
78239
|
return reject(err);
|
|
78240
78240
|
}
|
|
@@ -78245,16 +78245,16 @@ var require_socksclient = __commonJS((exports) => {
|
|
|
78245
78245
|
client.removeAllListeners();
|
|
78246
78246
|
if (typeof callback === "function") {
|
|
78247
78247
|
callback(null, info);
|
|
78248
|
-
|
|
78248
|
+
resolve2(info);
|
|
78249
78249
|
} else {
|
|
78250
|
-
|
|
78250
|
+
resolve2(info);
|
|
78251
78251
|
}
|
|
78252
78252
|
});
|
|
78253
78253
|
client.once("error", (err) => {
|
|
78254
78254
|
client.removeAllListeners();
|
|
78255
78255
|
if (typeof callback === "function") {
|
|
78256
78256
|
callback(err);
|
|
78257
|
-
|
|
78257
|
+
resolve2(err);
|
|
78258
78258
|
} else {
|
|
78259
78259
|
reject(err);
|
|
78260
78260
|
}
|
|
@@ -78262,13 +78262,13 @@ var require_socksclient = __commonJS((exports) => {
|
|
|
78262
78262
|
});
|
|
78263
78263
|
}
|
|
78264
78264
|
static createConnectionChain(options, callback) {
|
|
78265
|
-
return new Promise((
|
|
78265
|
+
return new Promise((resolve2, reject) => __awaiter(this, undefined, undefined, function* () {
|
|
78266
78266
|
try {
|
|
78267
78267
|
(0, helpers_1.validateSocksClientChainOptions)(options);
|
|
78268
78268
|
} catch (err) {
|
|
78269
78269
|
if (typeof callback === "function") {
|
|
78270
78270
|
callback(err);
|
|
78271
|
-
return
|
|
78271
|
+
return resolve2(err);
|
|
78272
78272
|
} else {
|
|
78273
78273
|
return reject(err);
|
|
78274
78274
|
}
|
|
@@ -78294,14 +78294,14 @@ var require_socksclient = __commonJS((exports) => {
|
|
|
78294
78294
|
}
|
|
78295
78295
|
if (typeof callback === "function") {
|
|
78296
78296
|
callback(null, { socket: sock });
|
|
78297
|
-
|
|
78297
|
+
resolve2({ socket: sock });
|
|
78298
78298
|
} else {
|
|
78299
|
-
|
|
78299
|
+
resolve2({ socket: sock });
|
|
78300
78300
|
}
|
|
78301
78301
|
} catch (err) {
|
|
78302
78302
|
if (typeof callback === "function") {
|
|
78303
78303
|
callback(err);
|
|
78304
|
-
|
|
78304
|
+
resolve2(err);
|
|
78305
78305
|
} else {
|
|
78306
78306
|
reject(err);
|
|
78307
78307
|
}
|
|
@@ -82804,7 +82804,7 @@ var require_tools2 = __commonJS((exports, module) => {
|
|
|
82804
82804
|
var libmime = require_libmime2();
|
|
82805
82805
|
var { resolveCharset } = require_charsets3();
|
|
82806
82806
|
var { compiler } = require_imap_handler();
|
|
82807
|
-
var { createHash
|
|
82807
|
+
var { createHash } = __require("crypto");
|
|
82808
82808
|
var { JPDecoder } = require_jp_decoder();
|
|
82809
82809
|
var iconv = require_lib11();
|
|
82810
82810
|
var FLAG_COLORS = ["red", "orange", "yellow", "green", "blue", "purple", "grey"];
|
|
@@ -83105,7 +83105,7 @@ var require_tools2 = __commonJS((exports, module) => {
|
|
|
83105
83105
|
path = iconv.encode(path, "utf-7-imap").toString();
|
|
83106
83106
|
} catch {}
|
|
83107
83107
|
}
|
|
83108
|
-
map2.id = map2.emailId ||
|
|
83108
|
+
map2.id = map2.emailId || createHash("md5").update([path, mailbox.uidValidity?.toString() || "", map2.uid.toString()].join(":")).digest("hex");
|
|
83109
83109
|
}
|
|
83110
83110
|
if (map2.flags) {
|
|
83111
83111
|
let flagColor = tools.getFlagColor(map2.flags);
|
|
@@ -84559,12 +84559,12 @@ var require_fetch = __commonJS((exports, module) => {
|
|
|
84559
84559
|
messages.count++;
|
|
84560
84560
|
let formatted = await formatMessageResponse(untagged, mailbox);
|
|
84561
84561
|
if (typeof options.onUntaggedFetch === "function") {
|
|
84562
|
-
await new Promise((
|
|
84562
|
+
await new Promise((resolve2, reject) => {
|
|
84563
84563
|
options.onUntaggedFetch(formatted, (err) => {
|
|
84564
84564
|
if (err) {
|
|
84565
84565
|
reject(err);
|
|
84566
84566
|
} else {
|
|
84567
|
-
|
|
84567
|
+
resolve2();
|
|
84568
84568
|
}
|
|
84569
84569
|
});
|
|
84570
84570
|
});
|
|
@@ -84589,7 +84589,7 @@ var require_fetch = __commonJS((exports, module) => {
|
|
|
84589
84589
|
retryCount,
|
|
84590
84590
|
delayMs: delay
|
|
84591
84591
|
});
|
|
84592
|
-
await new Promise((
|
|
84592
|
+
await new Promise((resolve2) => setTimeout(resolve2, delay));
|
|
84593
84593
|
retryCount++;
|
|
84594
84594
|
continue;
|
|
84595
84595
|
}
|
|
@@ -85727,14 +85727,14 @@ var require_idle = __commonJS((exports, module) => {
|
|
|
85727
85727
|
connection.idling = false;
|
|
85728
85728
|
connection.preCheck = false;
|
|
85729
85729
|
while (preCheckWaitQueue.length) {
|
|
85730
|
-
let { resolve:
|
|
85731
|
-
|
|
85730
|
+
let { resolve: resolve2 } = preCheckWaitQueue.shift();
|
|
85731
|
+
resolve2();
|
|
85732
85732
|
}
|
|
85733
85733
|
}
|
|
85734
85734
|
};
|
|
85735
85735
|
let connectionPreCheck = () => {
|
|
85736
|
-
let handler = new Promise((
|
|
85737
|
-
preCheckWaitQueue.push({ resolve:
|
|
85736
|
+
let handler = new Promise((resolve2, reject) => {
|
|
85737
|
+
preCheckWaitQueue.push({ resolve: resolve2, reject });
|
|
85738
85738
|
});
|
|
85739
85739
|
connection.log.trace({
|
|
85740
85740
|
msg: "Requesting IDLE break",
|
|
@@ -85775,8 +85775,8 @@ var require_idle = __commonJS((exports, module) => {
|
|
|
85775
85775
|
});
|
|
85776
85776
|
connection.preCheck = false;
|
|
85777
85777
|
while (preCheckWaitQueue.length) {
|
|
85778
|
-
let { resolve:
|
|
85779
|
-
|
|
85778
|
+
let { resolve: resolve2 } = preCheckWaitQueue.shift();
|
|
85779
|
+
resolve2();
|
|
85780
85780
|
}
|
|
85781
85781
|
}
|
|
85782
85782
|
response.next();
|
|
@@ -85822,16 +85822,16 @@ var require_idle = __commonJS((exports, module) => {
|
|
|
85822
85822
|
return runIdleLoop();
|
|
85823
85823
|
}
|
|
85824
85824
|
let idleTimer;
|
|
85825
|
-
return new Promise((
|
|
85825
|
+
return new Promise((resolve2) => {
|
|
85826
85826
|
if (!connection.currentSelectCommand) {
|
|
85827
|
-
return
|
|
85827
|
+
return resolve2();
|
|
85828
85828
|
}
|
|
85829
85829
|
connection.preCheck = async () => {
|
|
85830
85830
|
connection.preCheck = false;
|
|
85831
85831
|
clearTimeout(idleTimer);
|
|
85832
85832
|
connection.log.debug({ src: "c", msg: `breaking NOOP loop` });
|
|
85833
85833
|
connection.idling = false;
|
|
85834
|
-
|
|
85834
|
+
resolve2();
|
|
85835
85835
|
};
|
|
85836
85836
|
let selectCommand = connection.currentSelectCommand;
|
|
85837
85837
|
let idleCheck = async () => {
|
|
@@ -85867,7 +85867,7 @@ var require_idle = __commonJS((exports, module) => {
|
|
|
85867
85867
|
clearTimeout(idleTimer);
|
|
85868
85868
|
connection.preCheck = false;
|
|
85869
85869
|
connection.log.warn({ err, cid: connection.id });
|
|
85870
|
-
|
|
85870
|
+
resolve2();
|
|
85871
85871
|
});
|
|
85872
85872
|
};
|
|
85873
85873
|
connection.log.debug({ src: "c", msg: `initiated NOOP loop` });
|
|
@@ -95872,7 +95872,7 @@ var require_shared3 = __commonJS((exports, module) => {
|
|
|
95872
95872
|
}
|
|
95873
95873
|
return Object.keys(ifaces).map((key) => ifaces[key]).reduce((acc, val) => acc.concat(val), []).filter((i) => !i.internal || allowInternal).some((i) => i.family === "IPv" + family || i.family === family);
|
|
95874
95874
|
};
|
|
95875
|
-
var
|
|
95875
|
+
var resolve2 = (family, hostname2, options, callback) => {
|
|
95876
95876
|
options = options || {};
|
|
95877
95877
|
if (!isFamilySupported(family, options.allowInternalNetworkInterfaces)) {
|
|
95878
95878
|
return callback(null, []);
|
|
@@ -95949,13 +95949,13 @@ var require_shared3 = __commonJS((exports, module) => {
|
|
|
95949
95949
|
let ipv6Addresses = [];
|
|
95950
95950
|
let ipv4Error = null;
|
|
95951
95951
|
let ipv6Error = null;
|
|
95952
|
-
|
|
95952
|
+
resolve2(4, options.host, options, (err, addresses) => {
|
|
95953
95953
|
if (err) {
|
|
95954
95954
|
ipv4Error = err;
|
|
95955
95955
|
} else {
|
|
95956
95956
|
ipv4Addresses = addresses || [];
|
|
95957
95957
|
}
|
|
95958
|
-
|
|
95958
|
+
resolve2(6, options.host, options, (err2, addresses2) => {
|
|
95959
95959
|
if (err2) {
|
|
95960
95960
|
ipv6Error = err2;
|
|
95961
95961
|
} else {
|
|
@@ -96120,13 +96120,13 @@ var require_shared3 = __commonJS((exports, module) => {
|
|
|
96120
96120
|
});
|
|
96121
96121
|
return response;
|
|
96122
96122
|
};
|
|
96123
|
-
exports.callbackPromise = (
|
|
96123
|
+
exports.callbackPromise = (resolve3, reject) => function() {
|
|
96124
96124
|
const args = Array.from(arguments);
|
|
96125
96125
|
const err = args.shift();
|
|
96126
96126
|
if (err) {
|
|
96127
96127
|
reject(err);
|
|
96128
96128
|
} else {
|
|
96129
|
-
|
|
96129
|
+
resolve3(...args);
|
|
96130
96130
|
}
|
|
96131
96131
|
};
|
|
96132
96132
|
exports.parseDataURI = (uri) => {
|
|
@@ -96188,8 +96188,8 @@ var require_shared3 = __commonJS((exports, module) => {
|
|
|
96188
96188
|
exports.resolveContent = (data, key, callback) => {
|
|
96189
96189
|
let promise2;
|
|
96190
96190
|
if (!callback) {
|
|
96191
|
-
promise2 = new Promise((
|
|
96192
|
-
callback = exports.callbackPromise(
|
|
96191
|
+
promise2 = new Promise((resolve3, reject) => {
|
|
96192
|
+
callback = exports.callbackPromise(resolve3, reject);
|
|
96193
96193
|
});
|
|
96194
96194
|
}
|
|
96195
96195
|
let content = data && data[key] && data[key].content || data[key];
|
|
@@ -99855,8 +99855,8 @@ var require_mime_node3 = __commonJS((exports, module) => {
|
|
|
99855
99855
|
build(callback) {
|
|
99856
99856
|
let promise2;
|
|
99857
99857
|
if (!callback) {
|
|
99858
|
-
promise2 = new Promise((
|
|
99859
|
-
callback = shared.callbackPromise(
|
|
99858
|
+
promise2 = new Promise((resolve2, reject) => {
|
|
99859
|
+
callback = shared.callbackPromise(resolve2, reject);
|
|
99860
99860
|
});
|
|
99861
99861
|
}
|
|
99862
99862
|
const stream = this.createReadStream();
|
|
@@ -101703,8 +101703,8 @@ var require_mailer = __commonJS((exports, module) => {
|
|
|
101703
101703
|
sendMail(data, callback = null) {
|
|
101704
101704
|
let promise2;
|
|
101705
101705
|
if (!callback) {
|
|
101706
|
-
promise2 = new Promise((
|
|
101707
|
-
callback = shared.callbackPromise(
|
|
101706
|
+
promise2 = new Promise((resolve2, reject) => {
|
|
101707
|
+
callback = shared.callbackPromise(resolve2, reject);
|
|
101708
101708
|
});
|
|
101709
101709
|
}
|
|
101710
101710
|
if (typeof this.getSocket === "function") {
|
|
@@ -102282,7 +102282,7 @@ var require_smtp_connection = __commonJS((exports, module) => {
|
|
|
102282
102282
|
const handler = this.customAuth.get(this._authMethod);
|
|
102283
102283
|
let lastResponse;
|
|
102284
102284
|
let returned = false;
|
|
102285
|
-
const
|
|
102285
|
+
const resolve2 = () => {
|
|
102286
102286
|
if (returned) {
|
|
102287
102287
|
return;
|
|
102288
102288
|
}
|
|
@@ -102312,8 +102312,8 @@ var require_smtp_connection = __commonJS((exports, module) => {
|
|
|
102312
102312
|
sendCommand: (cmd, done) => {
|
|
102313
102313
|
let promise2;
|
|
102314
102314
|
if (!done) {
|
|
102315
|
-
promise2 = new Promise((
|
|
102316
|
-
done = shared.callbackPromise(
|
|
102315
|
+
promise2 = new Promise((resolve3, reject2) => {
|
|
102316
|
+
done = shared.callbackPromise(resolve3, reject2);
|
|
102317
102317
|
});
|
|
102318
102318
|
}
|
|
102319
102319
|
this._responseActions.push((str) => {
|
|
@@ -102338,11 +102338,11 @@ var require_smtp_connection = __commonJS((exports, module) => {
|
|
|
102338
102338
|
setImmediate(() => this._sendCommand(cmd));
|
|
102339
102339
|
return promise2;
|
|
102340
102340
|
},
|
|
102341
|
-
resolve:
|
|
102341
|
+
resolve: resolve2,
|
|
102342
102342
|
reject
|
|
102343
102343
|
});
|
|
102344
102344
|
if (handlerResponse && typeof handlerResponse.catch === "function") {
|
|
102345
|
-
handlerResponse.then(
|
|
102345
|
+
handlerResponse.then(resolve2).catch(reject);
|
|
102346
102346
|
}
|
|
102347
102347
|
return;
|
|
102348
102348
|
}
|
|
@@ -104509,8 +104509,8 @@ var require_smtp_pool = __commonJS((exports, module) => {
|
|
|
104509
104509
|
verify(callback) {
|
|
104510
104510
|
let promise2;
|
|
104511
104511
|
if (!callback) {
|
|
104512
|
-
promise2 = new Promise((
|
|
104513
|
-
callback = shared.callbackPromise(
|
|
104512
|
+
promise2 = new Promise((resolve2, reject) => {
|
|
104513
|
+
callback = shared.callbackPromise(resolve2, reject);
|
|
104514
104514
|
});
|
|
104515
104515
|
}
|
|
104516
104516
|
const auth = new PoolResource(this).auth;
|
|
@@ -104783,8 +104783,8 @@ var require_smtp_transport = __commonJS((exports, module) => {
|
|
|
104783
104783
|
verify(callback) {
|
|
104784
104784
|
let promise2;
|
|
104785
104785
|
if (!callback) {
|
|
104786
|
-
promise2 = new Promise((
|
|
104787
|
-
callback = shared.callbackPromise(
|
|
104786
|
+
promise2 = new Promise((resolve2, reject) => {
|
|
104787
|
+
callback = shared.callbackPromise(resolve2, reject);
|
|
104788
104788
|
});
|
|
104789
104789
|
}
|
|
104790
104790
|
this.getSocket(this.options, (err, socketOptions) => {
|
|
@@ -105249,8 +105249,8 @@ var require_ses_transport = __commonJS((exports, module) => {
|
|
|
105249
105249
|
verify(callback) {
|
|
105250
105250
|
let promise2;
|
|
105251
105251
|
if (!callback) {
|
|
105252
|
-
promise2 = new Promise((
|
|
105253
|
-
callback = shared.callbackPromise(
|
|
105252
|
+
promise2 = new Promise((resolve2, reject) => {
|
|
105253
|
+
callback = shared.callbackPromise(resolve2, reject);
|
|
105254
105254
|
});
|
|
105255
105255
|
}
|
|
105256
105256
|
const cb = (err) => {
|
|
@@ -114664,169 +114664,7 @@ The returned cookies can be formatted as a Cookie header for use with http_reque
|
|
|
114664
114664
|
// src/core/agents/offSecAgent/tools/browserTools.ts
|
|
114665
114665
|
init_dist();
|
|
114666
114666
|
init_zod();
|
|
114667
|
-
import { join as
|
|
114668
|
-
|
|
114669
|
-
// src/core/prompt-injections/index.ts
|
|
114670
|
-
init_zod();
|
|
114671
|
-
import { createHash } from "node:crypto";
|
|
114672
|
-
import { readFileSync as readFileSync2, statSync as statSync2 } from "node:fs";
|
|
114673
|
-
import { dirname as dirname4, isAbsolute, join as join6, relative, resolve, sep } from "node:path";
|
|
114674
|
-
function sha256(value) {
|
|
114675
|
-
return createHash("sha256").update(value).digest("hex");
|
|
114676
|
-
}
|
|
114677
|
-
var PromptInjectionCatalogEntrySchema = exports_external.object({
|
|
114678
|
-
id: exports_external.string().min(1),
|
|
114679
|
-
name: exports_external.string().min(1).optional(),
|
|
114680
|
-
category: exports_external.string().min(1).optional(),
|
|
114681
|
-
description: exports_external.string().default(""),
|
|
114682
|
-
tags: exports_external.array(exports_external.string()).default([]),
|
|
114683
|
-
deliveryHints: exports_external.array(exports_external.string()).default([]),
|
|
114684
|
-
expectedObservation: exports_external.string().default(""),
|
|
114685
|
-
payloadPath: exports_external.string().min(1)
|
|
114686
|
-
});
|
|
114687
|
-
var PromptInjectionLibraryFileSchema = exports_external.union([
|
|
114688
|
-
exports_external.array(PromptInjectionCatalogEntrySchema),
|
|
114689
|
-
exports_external.object({
|
|
114690
|
-
payloads: exports_external.array(PromptInjectionCatalogEntrySchema)
|
|
114691
|
-
}),
|
|
114692
|
-
exports_external.object({
|
|
114693
|
-
injections: exports_external.array(PromptInjectionCatalogEntrySchema)
|
|
114694
|
-
})
|
|
114695
|
-
]);
|
|
114696
|
-
function isPromptInjectionRef(value) {
|
|
114697
|
-
return typeof value === "object" && value !== null && value.kind === "prompt_injection_ref" && typeof value.id === "string";
|
|
114698
|
-
}
|
|
114699
|
-
|
|
114700
|
-
class StaticPromptInjectionLibrary {
|
|
114701
|
-
ordered;
|
|
114702
|
-
entries;
|
|
114703
|
-
hashes;
|
|
114704
|
-
constructor(entries) {
|
|
114705
|
-
this.ordered = entries;
|
|
114706
|
-
this.entries = new Map(entries.map((entry) => [entry.id, entry]));
|
|
114707
|
-
this.hashes = new Map(entries.map((entry) => [entry.id, sha256(entry.payload)]));
|
|
114708
|
-
}
|
|
114709
|
-
listCatalog() {
|
|
114710
|
-
return this.ordered.map(({ payload, payloadFilePath: _path, ...entry }) => ({
|
|
114711
|
-
...entry,
|
|
114712
|
-
payloadHash: sha256(payload)
|
|
114713
|
-
}));
|
|
114714
|
-
}
|
|
114715
|
-
getPayload(id) {
|
|
114716
|
-
return this.entries.get(id)?.payload;
|
|
114717
|
-
}
|
|
114718
|
-
getPayloadFilePath(id) {
|
|
114719
|
-
return this.entries.get(id)?.payloadFilePath;
|
|
114720
|
-
}
|
|
114721
|
-
getPayloadHash(id) {
|
|
114722
|
-
return this.hashes.get(id);
|
|
114723
|
-
}
|
|
114724
|
-
has(id) {
|
|
114725
|
-
return this.entries.has(id);
|
|
114726
|
-
}
|
|
114727
|
-
}
|
|
114728
|
-
var EMPTY_PROMPT_INJECTION_LIBRARY = new StaticPromptInjectionLibrary([]);
|
|
114729
|
-
var SOURCE_CACHE = new Map;
|
|
114730
|
-
function resolvePromptInjectionLibrarySource(explicit) {
|
|
114731
|
-
return explicit || process.env.PENSAR_PROMPT_INJECTION_LIBRARY || process.env.APEX_PROMPT_INJECTION_LIBRARY;
|
|
114732
|
-
}
|
|
114733
|
-
function resolveCatalogPath(source) {
|
|
114734
|
-
if (source.startsWith("https://") || source.startsWith("http://")) {
|
|
114735
|
-
throw new Error("Prompt injection library source must be a local path, not a URL.");
|
|
114736
|
-
}
|
|
114737
|
-
const path = source.startsWith("file://") ? source.slice(7) : source;
|
|
114738
|
-
const resolved = isAbsolute(path) ? path : resolve(process.cwd(), path);
|
|
114739
|
-
const stat = statSync2(resolved);
|
|
114740
|
-
if (stat.isDirectory()) {
|
|
114741
|
-
return { catalogPath: join6(resolved, "catalog.json"), root: resolved };
|
|
114742
|
-
}
|
|
114743
|
-
return { catalogPath: resolved, root: dirname4(resolved) };
|
|
114744
|
-
}
|
|
114745
|
-
function resolvePayloadPath(root, payloadPath) {
|
|
114746
|
-
if (isAbsolute(payloadPath)) {
|
|
114747
|
-
throw new Error("Prompt injection payloadPath must be relative.");
|
|
114748
|
-
}
|
|
114749
|
-
const resolved = resolve(root, payloadPath);
|
|
114750
|
-
const relativePath = relative(root, resolved);
|
|
114751
|
-
if (relativePath === ".." || relativePath.startsWith(`..${sep}`)) {
|
|
114752
|
-
throw new Error("Prompt injection payloadPath must stay within the library.");
|
|
114753
|
-
}
|
|
114754
|
-
return resolved;
|
|
114755
|
-
}
|
|
114756
|
-
function parsePromptInjectionLibrary(raw, root) {
|
|
114757
|
-
const parsed = PromptInjectionLibraryFileSchema.parse(JSON.parse(raw));
|
|
114758
|
-
const catalogEntries = Array.isArray(parsed) ? parsed : ("payloads" in parsed) ? parsed.payloads : parsed.injections;
|
|
114759
|
-
const entries = catalogEntries.map((entry) => {
|
|
114760
|
-
const payloadFile = resolvePayloadPath(root, entry.payloadPath);
|
|
114761
|
-
const payload = readFileSync2(payloadFile, "utf-8");
|
|
114762
|
-
const { payloadPath: _payloadPath, name, category, ...safeEntry } = entry;
|
|
114763
|
-
return {
|
|
114764
|
-
...safeEntry,
|
|
114765
|
-
name: name ?? entry.id,
|
|
114766
|
-
category: category ?? "uncategorized",
|
|
114767
|
-
payload,
|
|
114768
|
-
payloadFilePath: payloadFile
|
|
114769
|
-
};
|
|
114770
|
-
});
|
|
114771
|
-
return new StaticPromptInjectionLibrary(entries);
|
|
114772
|
-
}
|
|
114773
|
-
async function readSource(source) {
|
|
114774
|
-
if (source.startsWith("https://") || source.startsWith("http://")) {
|
|
114775
|
-
throw new Error("Prompt injection library source must be a local path, not a URL.");
|
|
114776
|
-
}
|
|
114777
|
-
const { catalogPath, root } = resolveCatalogPath(source);
|
|
114778
|
-
return parsePromptInjectionLibrary(readFileSync2(catalogPath, "utf-8"), root);
|
|
114779
|
-
}
|
|
114780
|
-
async function loadPromptInjectionLibrary(source) {
|
|
114781
|
-
let cached2 = SOURCE_CACHE.get(source);
|
|
114782
|
-
if (!cached2) {
|
|
114783
|
-
cached2 = readSource(source).catch((err) => {
|
|
114784
|
-
SOURCE_CACHE.delete(source);
|
|
114785
|
-
throw err;
|
|
114786
|
-
});
|
|
114787
|
-
SOURCE_CACHE.set(source, cached2);
|
|
114788
|
-
}
|
|
114789
|
-
return cached2;
|
|
114790
|
-
}
|
|
114791
|
-
async function getPromptInjectionLibrary(opts) {
|
|
114792
|
-
if (opts?.library)
|
|
114793
|
-
return opts.library;
|
|
114794
|
-
const source = resolvePromptInjectionLibrarySource(opts?.source);
|
|
114795
|
-
if (!source)
|
|
114796
|
-
return EMPTY_PROMPT_INJECTION_LIBRARY;
|
|
114797
|
-
return loadPromptInjectionLibrary(source);
|
|
114798
|
-
}
|
|
114799
|
-
function resolvePromptInjectionRefs(value, library) {
|
|
114800
|
-
if (isPromptInjectionRef(value)) {
|
|
114801
|
-
const payload = library.getPayload(value.id);
|
|
114802
|
-
if (!payload)
|
|
114803
|
-
throw new Error(`Unknown prompt injection id: ${value.id}`);
|
|
114804
|
-
return payload;
|
|
114805
|
-
}
|
|
114806
|
-
if (Array.isArray(value)) {
|
|
114807
|
-
return value.map((item) => resolvePromptInjectionRefs(item, library));
|
|
114808
|
-
}
|
|
114809
|
-
if (typeof value === "object" && value !== null) {
|
|
114810
|
-
const resolved = {};
|
|
114811
|
-
for (const [key, nested] of Object.entries(value)) {
|
|
114812
|
-
resolved[key] = resolvePromptInjectionRefs(nested, library);
|
|
114813
|
-
}
|
|
114814
|
-
return resolved;
|
|
114815
|
-
}
|
|
114816
|
-
return value;
|
|
114817
|
-
}
|
|
114818
|
-
function redactPromptInjectionPayloads(value, library) {
|
|
114819
|
-
let redacted = value;
|
|
114820
|
-
for (const entry of library.listCatalog()) {
|
|
114821
|
-
const payload = library.getPayload(entry.id);
|
|
114822
|
-
if (!payload)
|
|
114823
|
-
continue;
|
|
114824
|
-
redacted = redacted.split(payload).join(`[PROMPT_INJECTION:${entry.id}]`);
|
|
114825
|
-
}
|
|
114826
|
-
return redacted;
|
|
114827
|
-
}
|
|
114828
|
-
|
|
114829
|
-
// src/core/agents/offSecAgent/tools/browserTools.ts
|
|
114667
|
+
import { join as join6 } from "node:path";
|
|
114830
114668
|
var BROWSER_TOOL_NAMES = [
|
|
114831
114669
|
"browser_navigate",
|
|
114832
114670
|
"browser_snapshot",
|
|
@@ -114838,87 +114676,41 @@ var BROWSER_TOOL_NAMES = [
|
|
|
114838
114676
|
"browser_get_cookies"
|
|
114839
114677
|
];
|
|
114840
114678
|
function createBrowserToolset(ctx) {
|
|
114841
|
-
const tools = ctx.sandbox ? createSandboxBrowserTools(ctx) : createBrowserTools(ctx.target ?? "",
|
|
114842
|
-
|
|
114843
|
-
const injectionEnabled = !!(ctx.promptInjectionLibrary || ctx.promptInjectionLibrarySource);
|
|
114844
|
-
if (!cm && !injectionEnabled) {
|
|
114679
|
+
const tools = ctx.sandbox ? createSandboxBrowserTools(ctx) : createBrowserTools(ctx.target ?? "", join6(ctx.session.rootPath, "evidence"), "operator", undefined, ctx.abortSignal, undefined, undefined, undefined, ctx.browserSession);
|
|
114680
|
+
if (!ctx.credentialManager) {
|
|
114845
114681
|
return tools;
|
|
114846
114682
|
}
|
|
114847
114683
|
const originalFill = tools.browser_fill;
|
|
114848
|
-
const
|
|
114849
|
-
|
|
114850
|
-
|
|
114851
|
-
|
|
114852
|
-
|
|
114853
|
-
|
|
114854
|
-
|
|
114855
|
-
|
|
114856
|
-
|
|
114857
|
-
|
|
114858
|
-
|
|
114859
|
-
|
|
114860
|
-
|
|
114861
|
-
|
|
114862
|
-
|
|
114863
|
-
|
|
114864
|
-
|
|
114865
|
-
"
|
|
114866
|
-
"
|
|
114867
|
-
|
|
114868
|
-
|
|
114869
|
-
|
|
114870
|
-
|
|
114871
|
-
|
|
114872
|
-
|
|
114873
|
-
|
|
114874
|
-
|
|
114875
|
-
|
|
114876
|
-
|
|
114877
|
-
|
|
114878
|
-
|
|
114879
|
-
Credential mode: Instead of passing a raw secret as "value", you can ` + `pass "credentialId" + "credentialField" (e.g. "password") and the value ` + `will be resolved securely. Always prefer this when filling password or ` + `secret fields.`;
|
|
114880
|
-
}
|
|
114881
|
-
const execOptions = {
|
|
114882
|
-
toolCallId: "",
|
|
114883
|
-
messages: [],
|
|
114884
|
-
abortSignal: undefined
|
|
114885
|
-
};
|
|
114886
|
-
const wrappedFill = tool({
|
|
114887
|
-
description,
|
|
114888
|
-
inputSchema: exports_external.object(shape),
|
|
114889
|
-
execute: async (rawParams) => {
|
|
114890
|
-
const params = rawParams;
|
|
114891
|
-
const { element, ref, toolCallDescription } = params;
|
|
114892
|
-
let value = params.value;
|
|
114893
|
-
if (injectionEnabled && params.promptInjection?.id) {
|
|
114894
|
-
const id = params.promptInjection.id;
|
|
114895
|
-
const library = await getPromptInjectionLibrary({
|
|
114896
|
-
library: ctx.promptInjectionLibrary,
|
|
114897
|
-
source: ctx.promptInjectionLibrarySource
|
|
114898
|
-
});
|
|
114899
|
-
const payload = library.getPayload(id);
|
|
114900
|
-
if (!payload) {
|
|
114901
|
-
return {
|
|
114902
|
-
success: false,
|
|
114903
|
-
error: `Unknown prompt injection id: ${id}`
|
|
114904
|
-
};
|
|
114905
|
-
}
|
|
114906
|
-
const fill = await originalFill.execute?.({ element, ref, value: payload, toolCallDescription }, execOptions);
|
|
114907
|
-
if (fill && fill.success === false) {
|
|
114908
|
-
return {
|
|
114909
|
-
success: false,
|
|
114910
|
-
element,
|
|
114911
|
-
error: redactPromptInjectionPayloads(String(fill.error ?? ""), library) || "browser_fill failed"
|
|
114912
|
-
};
|
|
114913
|
-
}
|
|
114914
|
-
return {
|
|
114915
|
-
success: true,
|
|
114916
|
-
element,
|
|
114917
|
-
result: `[prompt_injection_ref ${id} typed into field; payload hidden]`
|
|
114918
|
-
};
|
|
114919
|
-
}
|
|
114920
|
-
if (cm && params.credentialId && params.credentialField) {
|
|
114921
|
-
const { credentialId, credentialField } = params;
|
|
114684
|
+
const cm = ctx.credentialManager;
|
|
114685
|
+
const credentialAwareFill = tool({
|
|
114686
|
+
description: originalFill.description + `
|
|
114687
|
+
|
|
114688
|
+
Credential mode: Instead of passing a raw secret as "value", you can pass ` + `"credentialId" + "credentialField" (e.g. "password") and the value will be ` + `resolved securely. Always prefer this when filling password or secret fields.`,
|
|
114689
|
+
inputSchema: exports_external.object({
|
|
114690
|
+
element: exports_external.string().describe("Description of form field, e.g., 'Username field' or 'Search input'"),
|
|
114691
|
+
ref: exports_external.string().optional().describe("Element reference from browser_snapshot (e.g., 'e3'). If provided, uses exact element reference for precise filling."),
|
|
114692
|
+
value: exports_external.string().optional().describe("Value to fill into the field. Omit when using credentialId + credentialField."),
|
|
114693
|
+
credentialId: exports_external.string().optional().describe("ID of a stored credential. When provided with credentialField, the secret is resolved automatically."),
|
|
114694
|
+
credentialField: exports_external.enum([
|
|
114695
|
+
"password",
|
|
114696
|
+
"username",
|
|
114697
|
+
"apiKey",
|
|
114698
|
+
"bearerToken",
|
|
114699
|
+
"cookies",
|
|
114700
|
+
"sessionToken"
|
|
114701
|
+
]).optional().describe("Which field to extract from the credential (e.g. 'password'). Required when credentialId is set."),
|
|
114702
|
+
toolCallDescription: exports_external.string().describe("Why you are filling this field with this value")
|
|
114703
|
+
}),
|
|
114704
|
+
execute: async (params) => {
|
|
114705
|
+
let { value } = params;
|
|
114706
|
+
const {
|
|
114707
|
+
element,
|
|
114708
|
+
ref,
|
|
114709
|
+
credentialId,
|
|
114710
|
+
credentialField,
|
|
114711
|
+
toolCallDescription
|
|
114712
|
+
} = params;
|
|
114713
|
+
if (credentialId && credentialField) {
|
|
114922
114714
|
const stored = cm.resolve(credentialId);
|
|
114923
114715
|
if (!stored) {
|
|
114924
114716
|
return {
|
|
@@ -114941,15 +114733,15 @@ Credential mode: Instead of passing a raw secret as "value", you can ` + `pass "
|
|
|
114941
114733
|
if (!value) {
|
|
114942
114734
|
return {
|
|
114943
114735
|
success: false,
|
|
114944
|
-
error:
|
|
114736
|
+
error: "Either value or credentialId + credentialField must be provided"
|
|
114945
114737
|
};
|
|
114946
114738
|
}
|
|
114947
|
-
return originalFill.execute?.({ element, ref, value, toolCallDescription },
|
|
114739
|
+
return originalFill.execute?.({ element, ref, value, toolCallDescription }, { toolCallId: "", messages: [], abortSignal: undefined });
|
|
114948
114740
|
}
|
|
114949
114741
|
});
|
|
114950
114742
|
return {
|
|
114951
114743
|
...tools,
|
|
114952
|
-
browser_fill:
|
|
114744
|
+
browser_fill: credentialAwareFill
|
|
114953
114745
|
};
|
|
114954
114746
|
}
|
|
114955
114747
|
|
|
@@ -115010,7 +114802,7 @@ init_zod();
|
|
|
115010
114802
|
init_structured();
|
|
115011
114803
|
init_lazyLogger();
|
|
115012
114804
|
import { existsSync as existsSync4, mkdirSync as mkdirSync3, writeFileSync as writeFileSync4 } from "node:fs";
|
|
115013
|
-
import { join as
|
|
114805
|
+
import { join as join7 } from "node:path";
|
|
115014
114806
|
var log = scopedLogger(() => createLogger("complete_authentication"));
|
|
115015
114807
|
var AUTH_DIR = "auth";
|
|
115016
114808
|
var AUTH_DATA_FILENAME = "auth-data.json";
|
|
@@ -115054,11 +114846,11 @@ This tool marks the end of the authentication flow.`,
|
|
|
115054
114846
|
log.info(`Authentication complete: ${result.success ? "SUCCESS" : "FAILED"}`);
|
|
115055
114847
|
let authDataPath;
|
|
115056
114848
|
try {
|
|
115057
|
-
const authDir =
|
|
114849
|
+
const authDir = join7(ctx.session.rootPath, AUTH_DIR);
|
|
115058
114850
|
if (!existsSync4(authDir)) {
|
|
115059
114851
|
mkdirSync3(authDir, { recursive: true });
|
|
115060
114852
|
}
|
|
115061
|
-
authDataPath =
|
|
114853
|
+
authDataPath = join7(authDir, AUTH_DATA_FILENAME);
|
|
115062
114854
|
const authData = {
|
|
115063
114855
|
authenticated: result.success,
|
|
115064
114856
|
strategy: result.strategy || "unknown",
|
|
@@ -115275,7 +115067,7 @@ function crawlAuthenticated(ctx) {
|
|
|
115275
115067
|
init_dist();
|
|
115276
115068
|
init_zod();
|
|
115277
115069
|
import { writeFileSync as writeFileSync5 } from "node:fs";
|
|
115278
|
-
import { join as
|
|
115070
|
+
import { join as join8 } from "node:path";
|
|
115279
115071
|
function createAttackSurfaceReport(ctx) {
|
|
115280
115072
|
return tool({
|
|
115281
115073
|
description: `Provide attack surface analysis results to the orchestrator agent.
|
|
@@ -115301,7 +115093,7 @@ Call this at the END of your analysis with:
|
|
|
115301
115093
|
toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
|
|
115302
115094
|
}),
|
|
115303
115095
|
execute: async (results) => {
|
|
115304
|
-
const resultsPath =
|
|
115096
|
+
const resultsPath = join8(ctx.session.rootPath, "attack-surface-results.json");
|
|
115305
115097
|
writeFileSync5(resultsPath, JSON.stringify(results, null, 2));
|
|
115306
115098
|
return {
|
|
115307
115099
|
success: true,
|
|
@@ -115320,7 +115112,7 @@ init_structured();
|
|
|
115320
115112
|
init_lazyLogger();
|
|
115321
115113
|
import { existsSync as existsSync5 } from "node:fs";
|
|
115322
115114
|
import { mkdir, writeFile } from "node:fs/promises";
|
|
115323
|
-
import { dirname as
|
|
115115
|
+
import { dirname as dirname4, isAbsolute, resolve } from "node:path";
|
|
115324
115116
|
var log3 = scopedLogger(() => createLogger("create_file"));
|
|
115325
115117
|
var createFileInputSchema = exports_external.object({
|
|
115326
115118
|
path: exports_external.string().describe("Absolute or relative path for the new file"),
|
|
@@ -115343,7 +115135,7 @@ Parent directories are created automatically if they don't exist.`,
|
|
|
115343
115135
|
overwrite = false
|
|
115344
115136
|
}) => {
|
|
115345
115137
|
log3.debug(`enter: path=${filePath}, contentLen=${content.length}, overwrite=${overwrite}, sandbox=${!!ctx.sandbox}`);
|
|
115346
|
-
const resolved =
|
|
115138
|
+
const resolved = isAbsolute(filePath) ? filePath : resolve(ctx.agentCwd, filePath);
|
|
115347
115139
|
log3.debug(`resolved: ${resolved}`);
|
|
115348
115140
|
if (ctx.sandbox) {
|
|
115349
115141
|
return executeSandboxCreate(ctx, resolved, content, overwrite);
|
|
@@ -115364,7 +115156,7 @@ async function executeLocalCreate(filePath, content, overwrite) {
|
|
|
115364
115156
|
path: filePath
|
|
115365
115157
|
};
|
|
115366
115158
|
}
|
|
115367
|
-
const dir =
|
|
115159
|
+
const dir = dirname4(filePath);
|
|
115368
115160
|
log3.debug(`local: mkdir ${dir}`);
|
|
115369
115161
|
await mkdir(dir, { recursive: true });
|
|
115370
115162
|
log3.debug(`local: mkdir done, writing ${content.length} bytes`);
|
|
@@ -115398,7 +115190,7 @@ async function executeSandboxCreate(ctx, filePath, content, overwrite) {
|
|
|
115398
115190
|
};
|
|
115399
115191
|
}
|
|
115400
115192
|
}
|
|
115401
|
-
const dirPath =
|
|
115193
|
+
const dirPath = dirname4(filePath);
|
|
115402
115194
|
await ctx.sandbox.execute(`mkdir -p "${dirPath}"`);
|
|
115403
115195
|
const base64Content = Buffer.from(content).toString("base64");
|
|
115404
115196
|
const writeResult = await ctx.sandbox.execute(`echo "${base64Content}" | base64 -d > "${filePath}"`);
|
|
@@ -115428,21 +115220,21 @@ init_dist();
|
|
|
115428
115220
|
init_zod();
|
|
115429
115221
|
|
|
115430
115222
|
// src/core/tasks/index.ts
|
|
115431
|
-
import { mkdirSync as mkdirSync4, readdirSync as readdirSync3, readFileSync as
|
|
115432
|
-
import { join as
|
|
115223
|
+
import { mkdirSync as mkdirSync4, readdirSync as readdirSync3, readFileSync as readFileSync2, writeFileSync as writeFileSync6 } from "node:fs";
|
|
115224
|
+
import { join as join9 } from "node:path";
|
|
115433
115225
|
var HWM_FILENAME = "_hwm.json";
|
|
115434
115226
|
function ensureDir(dir) {
|
|
115435
115227
|
mkdirSync4(dir, { recursive: true });
|
|
115436
115228
|
}
|
|
115437
115229
|
function taskPath(tasksDir, id) {
|
|
115438
|
-
return
|
|
115230
|
+
return join9(tasksDir, `${id}.json`);
|
|
115439
115231
|
}
|
|
115440
115232
|
function hwmPath(tasksDir) {
|
|
115441
|
-
return
|
|
115233
|
+
return join9(tasksDir, HWM_FILENAME);
|
|
115442
115234
|
}
|
|
115443
115235
|
function readHighWaterMark(tasksDir) {
|
|
115444
115236
|
try {
|
|
115445
|
-
const raw =
|
|
115237
|
+
const raw = readFileSync2(hwmPath(tasksDir), "utf-8");
|
|
115446
115238
|
const parsed = JSON.parse(raw);
|
|
115447
115239
|
return { nextId: parsed.nextId ?? 1 };
|
|
115448
115240
|
} catch {
|
|
@@ -115474,7 +115266,7 @@ function createTask(tasksDir, input) {
|
|
|
115474
115266
|
}
|
|
115475
115267
|
function getTask(tasksDir, id) {
|
|
115476
115268
|
try {
|
|
115477
|
-
const raw =
|
|
115269
|
+
const raw = readFileSync2(taskPath(tasksDir, id), "utf-8");
|
|
115478
115270
|
return JSON.parse(raw);
|
|
115479
115271
|
} catch {
|
|
115480
115272
|
return null;
|
|
@@ -115511,7 +115303,7 @@ function listTasks(tasksDir, filter) {
|
|
|
115511
115303
|
if (!file.endsWith(".json") || file === HWM_FILENAME)
|
|
115512
115304
|
continue;
|
|
115513
115305
|
try {
|
|
115514
|
-
const raw =
|
|
115306
|
+
const raw = readFileSync2(join9(tasksDir, file), "utf-8");
|
|
115515
115307
|
const task = JSON.parse(raw);
|
|
115516
115308
|
if (filter?.status && task.status !== filter.status)
|
|
115517
115309
|
continue;
|
|
@@ -115609,7 +115401,7 @@ init_dist();
|
|
|
115609
115401
|
init_zod();
|
|
115610
115402
|
init_credentials();
|
|
115611
115403
|
import { writeFileSync as writeFileSync7 } from "node:fs";
|
|
115612
|
-
import { join as
|
|
115404
|
+
import { join as join10 } from "node:path";
|
|
115613
115405
|
init_structured();
|
|
115614
115406
|
init_lazyLogger();
|
|
115615
115407
|
var log4 = scopedLogger(() => createLogger("delegate_auth"));
|
|
@@ -115775,7 +115567,7 @@ When to use delegate_to_auth_subagent vs authenticate_session:
|
|
|
115775
115567
|
if (credentials) {
|
|
115776
115568
|
ctx.session.credentialManager.addFromAuthCredentials(credentials);
|
|
115777
115569
|
}
|
|
115778
|
-
const { runAuthenticationAgent } = await import("./authentication-
|
|
115570
|
+
const { runAuthenticationAgent } = await import("./authentication-qswvctj4.js");
|
|
115779
115571
|
const localBus = new AgentEventBus;
|
|
115780
115572
|
AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
|
|
115781
115573
|
const result = await runAuthenticationAgent({
|
|
@@ -115794,7 +115586,7 @@ When to use delegate_to_auth_subagent vs authenticate_session:
|
|
|
115794
115586
|
parentSubagentId: ctx.subagentId
|
|
115795
115587
|
});
|
|
115796
115588
|
if (result.success) {
|
|
115797
|
-
const sessionInfoPath =
|
|
115589
|
+
const sessionInfoPath = join10(ctx.session.rootPath, "session-info.json");
|
|
115798
115590
|
const sessionInfo = {
|
|
115799
115591
|
authenticated: true,
|
|
115800
115592
|
username: username || "via_subagent",
|
|
@@ -115989,7 +115781,7 @@ function detectBarrier(bodyLower, statusCode) {
|
|
|
115989
115781
|
init_dist();
|
|
115990
115782
|
init_zod();
|
|
115991
115783
|
import { existsSync as existsSync6, mkdirSync as mkdirSync5, writeFileSync as writeFileSync8 } from "node:fs";
|
|
115992
|
-
import { join as
|
|
115784
|
+
import { join as join11 } from "node:path";
|
|
115993
115785
|
function sanitizeName(name) {
|
|
115994
115786
|
return name.toLowerCase().replace(/[^a-z0-9-_.]/g, "_");
|
|
115995
115787
|
}
|
|
@@ -116028,7 +115820,7 @@ function validateDomainUrl(value) {
|
|
|
116028
115820
|
}
|
|
116029
115821
|
}
|
|
116030
115822
|
function documentApp(ctx) {
|
|
116031
|
-
const baseAppsPath =
|
|
115823
|
+
const baseAppsPath = join11(ctx.session.rootPath, "apps");
|
|
116032
115824
|
return tool({
|
|
116033
115825
|
description: `Document a discovered application during attack surface analysis.
|
|
116034
115826
|
|
|
@@ -116081,7 +115873,7 @@ Each application creates a JSON file in the apps directory for tracking and anal
|
|
|
116081
115873
|
const sanitizedName = sanitizeName(input.appName);
|
|
116082
115874
|
const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
|
|
116083
115875
|
const filename = `app_${sanitizedName}_${timestamp}.json`;
|
|
116084
|
-
const filepath =
|
|
115876
|
+
const filepath = join11(baseAppsPath, filename);
|
|
116085
115877
|
const appRecord = {
|
|
116086
115878
|
...input,
|
|
116087
115879
|
discoveredAt: new Date().toISOString(),
|
|
@@ -116105,7 +115897,7 @@ Each application creates a JSON file in the apps directory for tracking and anal
|
|
|
116105
115897
|
init_dist();
|
|
116106
115898
|
init_zod();
|
|
116107
115899
|
import { existsSync as existsSync7, mkdirSync as mkdirSync6, writeFileSync as writeFileSync9 } from "node:fs";
|
|
116108
|
-
import { join as
|
|
115900
|
+
import { join as join12 } from "node:path";
|
|
116109
115901
|
|
|
116110
115902
|
// src/core/agents/specialized/attackSurface/blackboxRiskScoring.ts
|
|
116111
115903
|
var RISK_LEVEL_BASE_SCORE = {
|
|
@@ -116344,24 +116136,24 @@ function pLimit(concurrency) {
|
|
|
116344
116136
|
activeCount--;
|
|
116345
116137
|
resumeNext();
|
|
116346
116138
|
};
|
|
116347
|
-
const run = async (function_,
|
|
116139
|
+
const run = async (function_, resolve2, arguments_) => {
|
|
116348
116140
|
const result = (async () => function_(...arguments_))();
|
|
116349
|
-
|
|
116141
|
+
resolve2(result);
|
|
116350
116142
|
try {
|
|
116351
116143
|
await result;
|
|
116352
116144
|
} catch {}
|
|
116353
116145
|
next();
|
|
116354
116146
|
};
|
|
116355
|
-
const enqueue = (function_,
|
|
116147
|
+
const enqueue = (function_, resolve2, arguments_) => {
|
|
116356
116148
|
new Promise((internalResolve) => {
|
|
116357
116149
|
queue.enqueue(internalResolve);
|
|
116358
|
-
}).then(run.bind(undefined, function_,
|
|
116150
|
+
}).then(run.bind(undefined, function_, resolve2, arguments_));
|
|
116359
116151
|
if (activeCount < concurrency) {
|
|
116360
116152
|
resumeNext();
|
|
116361
116153
|
}
|
|
116362
116154
|
};
|
|
116363
|
-
const generator = (function_, ...arguments_) => new Promise((
|
|
116364
|
-
enqueue(function_,
|
|
116155
|
+
const generator = (function_, ...arguments_) => new Promise((resolve2) => {
|
|
116156
|
+
enqueue(function_, resolve2, arguments_);
|
|
116365
116157
|
});
|
|
116366
116158
|
Object.defineProperties(generator, {
|
|
116367
116159
|
activeCount: {
|
|
@@ -116455,7 +116247,7 @@ async function generateThreatModelForEndpoint(ctx, input) {
|
|
|
116455
116247
|
return threatModelLimiter(async () => {
|
|
116456
116248
|
if (ctx.abortSignal?.aborted)
|
|
116457
116249
|
return null;
|
|
116458
|
-
const { CodeAgent } = await import("./agent-
|
|
116250
|
+
const { CodeAgent } = await import("./agent-8w9h3tnw.js");
|
|
116459
116251
|
const subagentId = `threat-model-${sanitize(input.appName)}-${sanitize(input.routePath)}`;
|
|
116460
116252
|
ctx.eventBus?.emit("subagent-spawn", {
|
|
116461
116253
|
subagentId,
|
|
@@ -116763,7 +116555,7 @@ var documentEndpointInputSchema = exports_external.object({
|
|
|
116763
116555
|
toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
|
|
116764
116556
|
});
|
|
116765
116557
|
function documentEndpoint(ctx) {
|
|
116766
|
-
const baseAssetsPath =
|
|
116558
|
+
const baseAssetsPath = join12(ctx.session.rootPath, "assets");
|
|
116767
116559
|
return tool({
|
|
116768
116560
|
description: `Document a discovered endpoint during attack surface analysis.
|
|
116769
116561
|
|
|
@@ -116809,14 +116601,14 @@ Each endpoint creates a JSON file in the assets directory for tracking and analy
|
|
|
116809
116601
|
message: `routePath "${input.routePath}" is a full URL. The domain is already stored on the parent application. ` + `Use a path or access pattern instead (e.g. "/api/users", "/{objectKey}?X-Amz-Signature={sig}", "arn:aws:s3:::bucket-name").`
|
|
116810
116602
|
};
|
|
116811
116603
|
}
|
|
116812
|
-
const targetDir =
|
|
116604
|
+
const targetDir = join12(baseAssetsPath, sanitizeName2(input.appName));
|
|
116813
116605
|
if (!existsSync7(targetDir)) {
|
|
116814
116606
|
mkdirSync6(targetDir, { recursive: true });
|
|
116815
116607
|
}
|
|
116816
116608
|
const sanitizedPath = sanitizeName2(input.routePath);
|
|
116817
116609
|
const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
|
|
116818
116610
|
const filename = `asset_${sanitizedPath}_${timestamp}.json`;
|
|
116819
|
-
const filepath =
|
|
116611
|
+
const filepath = join12(targetDir, filename);
|
|
116820
116612
|
const heuristicRiskScore = computeBlackboxRiskScore(input.riskLevel, "endpoint", {
|
|
116821
116613
|
url: input.routePath,
|
|
116822
116614
|
method: input.method,
|
|
@@ -116894,7 +116686,7 @@ import {
|
|
|
116894
116686
|
unlinkSync,
|
|
116895
116687
|
writeFileSync as writeFileSync10
|
|
116896
116688
|
} from "node:fs";
|
|
116897
|
-
import { join as
|
|
116689
|
+
import { join as join13 } from "node:path";
|
|
116898
116690
|
|
|
116899
116691
|
// src/lib/cwe/types.ts
|
|
116900
116692
|
init_zod();
|
|
@@ -118331,7 +118123,7 @@ init_lazyLogger();
|
|
|
118331
118123
|
var log6 = scopedLogger(() => createLogger("FindingJudge"));
|
|
118332
118124
|
async function judgeFinding(input, ctx) {
|
|
118333
118125
|
try {
|
|
118334
|
-
const { FindingJudgeAgent } = await import("./agent-
|
|
118126
|
+
const { FindingJudgeAgent } = await import("./agent-737mxp3v.js");
|
|
118335
118127
|
const agent = new FindingJudgeAgent({
|
|
118336
118128
|
finding: input,
|
|
118337
118129
|
model: ctx.model,
|
|
@@ -118621,14 +118413,14 @@ CRITICAL RULES — READ BEFORE CALLING:
|
|
|
118621
118413
|
description: `POC execution output for ${filename}`
|
|
118622
118414
|
});
|
|
118623
118415
|
const timestamp = new Date().toISOString();
|
|
118624
|
-
const outputDir = isVulnerability ? session.findingsPath :
|
|
118416
|
+
const outputDir = isVulnerability ? session.findingsPath : join13(session.rootPath, "informational");
|
|
118625
118417
|
if (!isVulnerability) {
|
|
118626
118418
|
mkdirSync7(outputDir, { recursive: true });
|
|
118627
118419
|
}
|
|
118628
118420
|
let evidenceForPrompt = materializedEvidence;
|
|
118629
118421
|
if (materializedEvidence.length > EVIDENCE_FILE_THRESHOLD) {
|
|
118630
118422
|
const evidenceFilename = `${timestamp.split("T")[0]}-${slugify2(input.title, 40)}-evidence.txt`;
|
|
118631
|
-
const evidenceFilePath =
|
|
118423
|
+
const evidenceFilePath = join13(outputDir, evidenceFilename);
|
|
118632
118424
|
writeFileSync10(evidenceFilePath, materializedEvidence);
|
|
118633
118425
|
evidenceForPrompt = materializedEvidence.substring(0, EVIDENCE_FILE_THRESHOLD) + `
|
|
118634
118426
|
... [truncated — full output saved to ${evidenceFilename}]`;
|
|
@@ -118677,16 +118469,16 @@ CRITICAL RULES — READ BEFORE CALLING:
|
|
|
118677
118469
|
cvssResult = FALLBACK_CVSS;
|
|
118678
118470
|
break;
|
|
118679
118471
|
}
|
|
118680
|
-
await new Promise((
|
|
118681
|
-
const timer = setTimeout(
|
|
118472
|
+
await new Promise((resolve2) => {
|
|
118473
|
+
const timer = setTimeout(resolve2, 2000);
|
|
118682
118474
|
if (ctx.abortSignal) {
|
|
118683
118475
|
const onAbort = () => {
|
|
118684
118476
|
clearTimeout(timer);
|
|
118685
|
-
|
|
118477
|
+
resolve2();
|
|
118686
118478
|
};
|
|
118687
118479
|
if (ctx.abortSignal.aborted) {
|
|
118688
118480
|
clearTimeout(timer);
|
|
118689
|
-
|
|
118481
|
+
resolve2();
|
|
118690
118482
|
} else {
|
|
118691
118483
|
ctx.abortSignal.addEventListener("abort", onAbort, {
|
|
118692
118484
|
once: true
|
|
@@ -118770,8 +118562,8 @@ CRITICAL RULES — READ BEFORE CALLING:
|
|
|
118770
118562
|
const findingId = `${timestamp.split("T")[0]}-${slugify2(finding.title, 50)}`;
|
|
118771
118563
|
const jsonFilename = `${findingId}.json`;
|
|
118772
118564
|
const mdFilename = `${findingId}.md`;
|
|
118773
|
-
const jsonPath =
|
|
118774
|
-
const mdPath =
|
|
118565
|
+
const jsonPath = join13(outputDir, jsonFilename);
|
|
118566
|
+
const mdPath = join13(outputDir, mdFilename);
|
|
118775
118567
|
try {
|
|
118776
118568
|
writeFileSync10(jsonPath, JSON.stringify(findingWithMeta, null, 2));
|
|
118777
118569
|
const cvssSection = cvssWarning ? `## CVSS 4.0 Assessment
|
|
@@ -118854,7 +118646,7 @@ ${finding.references}` : ""}
|
|
|
118854
118646
|
`;
|
|
118855
118647
|
writeFileSync10(mdPath, markdown);
|
|
118856
118648
|
if (isVulnerability) {
|
|
118857
|
-
const summaryPath =
|
|
118649
|
+
const summaryPath = join13(session.rootPath, "findings-summary.md");
|
|
118858
118650
|
const cweTag = cvssResult.cwes?.length ? ` (${cvssResult.cwes.map((c) => c.id).join(", ")})` : "";
|
|
118859
118651
|
const cvssTag = cvssWarning ? "(estimated)" : `(CVSS ${cvssResult.score})`;
|
|
118860
118652
|
const summaryEntry = `- [${finding.severity}] ${cvssTag}${cweTag} ${finding.title} - \`findings/${mdFilename}\`
|
|
@@ -118912,7 +118704,7 @@ async function executeLocalPoc(ctx, input) {
|
|
|
118912
118704
|
mkdirSync7(pocsPath, { recursive: true });
|
|
118913
118705
|
}
|
|
118914
118706
|
const { filename, pocContent } = preparePoc(input);
|
|
118915
|
-
const pocPath =
|
|
118707
|
+
const pocPath = join13(pocsPath, filename);
|
|
118916
118708
|
writeFileSync10(pocPath, pocContent);
|
|
118917
118709
|
chmodSync(pocPath, 493);
|
|
118918
118710
|
const { stdout, stderr, exitCode } = await runScript(POC_RUNNERS[input.pocType], pocPath, 60000, ctx.abortSignal);
|
|
@@ -118930,7 +118722,7 @@ async function executeSandboxPoc(ctx, input) {
|
|
|
118930
118722
|
if (!existsSync8(localPocsPath)) {
|
|
118931
118723
|
mkdirSync7(localPocsPath, { recursive: true });
|
|
118932
118724
|
}
|
|
118933
|
-
const localPocPath =
|
|
118725
|
+
const localPocPath = join13(localPocsPath, filename);
|
|
118934
118726
|
writeFileSync10(localPocPath, pocContent);
|
|
118935
118727
|
const sandboxPocPath = `/tmp/pocs/${filename}`;
|
|
118936
118728
|
const base64Content = Buffer.from(pocContent).toString("base64");
|
|
@@ -118963,10 +118755,10 @@ POC file has been deleted.`,
|
|
|
118963
118755
|
}
|
|
118964
118756
|
function cleanupPocFiles(ctx, filename) {
|
|
118965
118757
|
try {
|
|
118966
|
-
unlinkSync(
|
|
118758
|
+
unlinkSync(join13(ctx.session.pocsPath, filename));
|
|
118967
118759
|
} catch {}
|
|
118968
118760
|
try {
|
|
118969
|
-
unlinkSync(
|
|
118761
|
+
unlinkSync(join13(ctx.session.pocsPath, `${filename}.output.json`));
|
|
118970
118762
|
} catch {}
|
|
118971
118763
|
}
|
|
118972
118764
|
function sanitizeFilename(str) {
|
|
@@ -119027,7 +118819,7 @@ ${commentChar} Created: ${new Date().toISOString()}
|
|
|
119027
118819
|
}
|
|
119028
118820
|
function writePocOutputSidecar(pocsPath, filename, stdout, stderr, exitCode, description) {
|
|
119029
118821
|
try {
|
|
119030
|
-
const outputPath =
|
|
118822
|
+
const outputPath = join13(pocsPath, `${filename}.output.json`);
|
|
119031
118823
|
writeFileSync10(outputPath, JSON.stringify({
|
|
119032
118824
|
stdout,
|
|
119033
118825
|
stderr,
|
|
@@ -119039,7 +118831,7 @@ function writePocOutputSidecar(pocsPath, filename, stdout, stderr, exitCode, des
|
|
|
119039
118831
|
} catch {}
|
|
119040
118832
|
}
|
|
119041
118833
|
function runScript(runner, scriptPath, timeout, abortSignal) {
|
|
119042
|
-
return new Promise((
|
|
118834
|
+
return new Promise((resolve2) => {
|
|
119043
118835
|
const child = spawn2(runner, [scriptPath], {
|
|
119044
118836
|
stdio: ["ignore", "pipe", "pipe"],
|
|
119045
118837
|
detached: process.platform !== "win32"
|
|
@@ -119061,7 +118853,7 @@ function runScript(runner, scriptPath, timeout, abortSignal) {
|
|
|
119061
118853
|
resolved = true;
|
|
119062
118854
|
clearTimeout(timeoutTimer);
|
|
119063
118855
|
abortCleanup?.();
|
|
119064
|
-
|
|
118856
|
+
resolve2(result);
|
|
119065
118857
|
}
|
|
119066
118858
|
};
|
|
119067
118859
|
const killProcess = () => {
|
|
@@ -119374,8 +119166,8 @@ class ImapFlow extends EventEmitter2 {
|
|
|
119374
119166
|
}
|
|
119375
119167
|
let tag = (++this.tagCounter).toString(16).toUpperCase();
|
|
119376
119168
|
options = options || {};
|
|
119377
|
-
let promise2 = new Promise((
|
|
119378
|
-
this.requestTagMap.set(tag, { command, attributes, options, resolve:
|
|
119169
|
+
let promise2 = new Promise((resolve2, reject) => {
|
|
119170
|
+
this.requestTagMap.set(tag, { command, attributes, options, resolve: resolve2, reject });
|
|
119379
119171
|
this.requestQueue.push({ tag, command, attributes, options });
|
|
119380
119172
|
this.trySend().catch((err) => {
|
|
119381
119173
|
this.requestTagMap.delete(tag);
|
|
@@ -119481,7 +119273,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
119481
119273
|
switch (parsed.command.toUpperCase()) {
|
|
119482
119274
|
case "OK":
|
|
119483
119275
|
case "BYE":
|
|
119484
|
-
await new Promise((
|
|
119276
|
+
await new Promise((resolve2) => request.resolve({ response: parsed, next: resolve2 }));
|
|
119485
119277
|
break;
|
|
119486
119278
|
case "NO":
|
|
119487
119279
|
case "BAD": {
|
|
@@ -119498,7 +119290,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
119498
119290
|
err.responseText = txt;
|
|
119499
119291
|
if (err.responseStatus === "NO" && txt.includes("Some of the requested messages no longer exist")) {
|
|
119500
119292
|
this.log.warn({ msg: "Partial FETCH response", cid: this.id, err });
|
|
119501
|
-
await new Promise((
|
|
119293
|
+
await new Promise((resolve2) => request.resolve({ response: parsed, next: resolve2 }));
|
|
119502
119294
|
break;
|
|
119503
119295
|
}
|
|
119504
119296
|
let throttleDelay = false;
|
|
@@ -119534,7 +119326,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
119534
119326
|
data.next();
|
|
119535
119327
|
processedCount++;
|
|
119536
119328
|
if (processedCount % 10 === 0) {
|
|
119537
|
-
await new Promise((
|
|
119329
|
+
await new Promise((resolve2) => setImmediate(resolve2));
|
|
119538
119330
|
}
|
|
119539
119331
|
}
|
|
119540
119332
|
}
|
|
@@ -119695,7 +119487,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
119695
119487
|
}
|
|
119696
119488
|
processedChunks++;
|
|
119697
119489
|
if (processedChunks % 100 === 0) {
|
|
119698
|
-
await new Promise((
|
|
119490
|
+
await new Promise((resolve2) => setImmediate(resolve2));
|
|
119699
119491
|
if (!this.writeSocket) {
|
|
119700
119492
|
break;
|
|
119701
119493
|
}
|
|
@@ -119753,7 +119545,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
119753
119545
|
return this._failSTARTTLS();
|
|
119754
119546
|
}
|
|
119755
119547
|
this.socket.unpipe(this.streamer);
|
|
119756
|
-
let upgraded = await new Promise((
|
|
119548
|
+
let upgraded = await new Promise((resolve2, reject) => {
|
|
119757
119549
|
let socketPlain = this.socket;
|
|
119758
119550
|
let opts = Object.assign({
|
|
119759
119551
|
socket: this.socket,
|
|
@@ -119807,7 +119599,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
119807
119599
|
});
|
|
119808
119600
|
}
|
|
119809
119601
|
socketPlain.removeListener("error", socketPlainErrorHandler);
|
|
119810
|
-
return
|
|
119602
|
+
return resolve2(true);
|
|
119811
119603
|
} catch (ex) {
|
|
119812
119604
|
this.emitError(ex);
|
|
119813
119605
|
}
|
|
@@ -119883,10 +119675,10 @@ class ImapFlow extends EventEmitter2 {
|
|
|
119883
119675
|
}
|
|
119884
119676
|
this.startSession().then(() => {
|
|
119885
119677
|
if (typeof this.initialResolve === "function") {
|
|
119886
|
-
let
|
|
119678
|
+
let resolve2 = this.initialResolve;
|
|
119887
119679
|
this.initialResolve = false;
|
|
119888
119680
|
this.initialReject = false;
|
|
119889
|
-
return
|
|
119681
|
+
return resolve2();
|
|
119890
119682
|
}
|
|
119891
119683
|
}).catch((err) => {
|
|
119892
119684
|
this.log.error({ err, cid: this.id });
|
|
@@ -120128,7 +119920,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
120128
119920
|
throw error2;
|
|
120129
119921
|
}
|
|
120130
119922
|
}
|
|
120131
|
-
let connectPromise = new Promise((
|
|
119923
|
+
let connectPromise = new Promise((resolve2, reject) => {
|
|
120132
119924
|
this.connectTimeout = setTimeout(() => {
|
|
120133
119925
|
let err = new Error("Failed to establish connection in required time");
|
|
120134
119926
|
err.code = "CONNECT_TIMEOUT";
|
|
@@ -120176,7 +119968,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
120176
119968
|
this.setSocketHandlers();
|
|
120177
119969
|
this.setEventHandlers();
|
|
120178
119970
|
this.socket.pipe(this.streamer);
|
|
120179
|
-
this.initialResolve =
|
|
119971
|
+
this.initialResolve = resolve2;
|
|
120180
119972
|
this.initialReject = reject;
|
|
120181
119973
|
} catch (ex) {
|
|
120182
119974
|
reject(ex);
|
|
@@ -120537,17 +120329,17 @@ class ImapFlow extends EventEmitter2 {
|
|
|
120537
120329
|
let aborted2 = false;
|
|
120538
120330
|
let push = false;
|
|
120539
120331
|
let rowQueue = [];
|
|
120540
|
-
let getNext = () => new Promise((
|
|
120332
|
+
let getNext = () => new Promise((resolve2, reject) => {
|
|
120541
120333
|
let check2 = () => {
|
|
120542
120334
|
if (rowQueue.length) {
|
|
120543
120335
|
let entry = rowQueue.shift();
|
|
120544
120336
|
if (entry.err) {
|
|
120545
120337
|
return reject(entry.err);
|
|
120546
120338
|
}
|
|
120547
|
-
return
|
|
120339
|
+
return resolve2(entry.value);
|
|
120548
120340
|
}
|
|
120549
120341
|
if (finished) {
|
|
120550
|
-
return
|
|
120342
|
+
return resolve2(null);
|
|
120551
120343
|
}
|
|
120552
120344
|
push = () => {
|
|
120553
120345
|
push = false;
|
|
@@ -120832,7 +120624,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
120832
120624
|
}
|
|
120833
120625
|
if (writeChunk(chunk2) === false) {
|
|
120834
120626
|
try {
|
|
120835
|
-
await new Promise((
|
|
120627
|
+
await new Promise((resolve2, reject) => {
|
|
120836
120628
|
let resolved = false;
|
|
120837
120629
|
const finish = (err) => {
|
|
120838
120630
|
if (resolved)
|
|
@@ -120844,7 +120636,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
120844
120636
|
if (err) {
|
|
120845
120637
|
reject(err);
|
|
120846
120638
|
} else {
|
|
120847
|
-
|
|
120639
|
+
resolve2();
|
|
120848
120640
|
}
|
|
120849
120641
|
};
|
|
120850
120642
|
stream.once("drain", () => finish());
|
|
@@ -121035,10 +120827,10 @@ class ImapFlow extends EventEmitter2 {
|
|
|
121035
120827
|
}
|
|
121036
120828
|
processedCount++;
|
|
121037
120829
|
if (processedCount % 5 === 0) {
|
|
121038
|
-
await new Promise((
|
|
120830
|
+
await new Promise((resolve3) => setImmediate(resolve3));
|
|
121039
120831
|
}
|
|
121040
120832
|
const lock = this.locks.shift();
|
|
121041
|
-
const { resolve:
|
|
120833
|
+
const { resolve: resolve2, reject, path, options, lockId } = lock;
|
|
121042
120834
|
if (lock.acquireTimer) {
|
|
121043
120835
|
clearTimeout(lock.acquireTimer);
|
|
121044
120836
|
lock.acquireTimer = null;
|
|
@@ -121103,7 +120895,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
121103
120895
|
});
|
|
121104
120896
|
this.currentLock = lock;
|
|
121105
120897
|
armHeldTimer();
|
|
121106
|
-
|
|
120898
|
+
resolve2({ path, release });
|
|
121107
120899
|
break;
|
|
121108
120900
|
}
|
|
121109
120901
|
try {
|
|
@@ -121117,7 +120909,7 @@ class ImapFlow extends EventEmitter2 {
|
|
|
121117
120909
|
});
|
|
121118
120910
|
this.currentLock = lock;
|
|
121119
120911
|
armHeldTimer();
|
|
121120
|
-
|
|
120912
|
+
resolve2({ path, release });
|
|
121121
120913
|
break;
|
|
121122
120914
|
} catch (err) {
|
|
121123
120915
|
if (err.responseStatus === "NO") {
|
|
@@ -121164,8 +120956,8 @@ class ImapFlow extends EventEmitter2 {
|
|
|
121164
120956
|
...this.currentLock.options?.description && { description: this.currentLock.options?.description }
|
|
121165
120957
|
} : null
|
|
121166
120958
|
});
|
|
121167
|
-
let lockPromise = new Promise((
|
|
121168
|
-
let lockEntry = { resolve:
|
|
120959
|
+
let lockPromise = new Promise((resolve2, reject) => {
|
|
120960
|
+
let lockEntry = { resolve: resolve2, reject, path, options, lockId };
|
|
121169
120961
|
this.locks.push(lockEntry);
|
|
121170
120962
|
if (Number(options.acquireTimeout) > 0) {
|
|
121171
120963
|
lockEntry.acquireTimer = setTimeout(() => {
|
|
@@ -122343,6 +122135,168 @@ init_dist();
|
|
|
122343
122135
|
init_zod();
|
|
122344
122136
|
import { existsSync as existsSync9, mkdirSync as mkdirSync8, writeFileSync as writeFileSync11 } from "node:fs";
|
|
122345
122137
|
import { join as join15 } from "node:path";
|
|
122138
|
+
|
|
122139
|
+
// src/core/prompt-injections/index.ts
|
|
122140
|
+
init_zod();
|
|
122141
|
+
import { createHash } from "node:crypto";
|
|
122142
|
+
import { readFileSync as readFileSync3, statSync as statSync2 } from "node:fs";
|
|
122143
|
+
import { dirname as dirname5, isAbsolute as isAbsolute2, join as join14, relative, resolve as resolve2, sep } from "node:path";
|
|
122144
|
+
function sha256(value) {
|
|
122145
|
+
return createHash("sha256").update(value).digest("hex");
|
|
122146
|
+
}
|
|
122147
|
+
var PromptInjectionCatalogEntrySchema = exports_external.object({
|
|
122148
|
+
id: exports_external.string().min(1),
|
|
122149
|
+
name: exports_external.string().min(1).optional(),
|
|
122150
|
+
category: exports_external.string().min(1).optional(),
|
|
122151
|
+
description: exports_external.string().default(""),
|
|
122152
|
+
tags: exports_external.array(exports_external.string()).default([]),
|
|
122153
|
+
deliveryHints: exports_external.array(exports_external.string()).default([]),
|
|
122154
|
+
expectedObservation: exports_external.string().default(""),
|
|
122155
|
+
payloadPath: exports_external.string().min(1)
|
|
122156
|
+
});
|
|
122157
|
+
var PromptInjectionLibraryFileSchema = exports_external.union([
|
|
122158
|
+
exports_external.array(PromptInjectionCatalogEntrySchema),
|
|
122159
|
+
exports_external.object({
|
|
122160
|
+
payloads: exports_external.array(PromptInjectionCatalogEntrySchema)
|
|
122161
|
+
}),
|
|
122162
|
+
exports_external.object({
|
|
122163
|
+
injections: exports_external.array(PromptInjectionCatalogEntrySchema)
|
|
122164
|
+
})
|
|
122165
|
+
]);
|
|
122166
|
+
function isPromptInjectionRef(value) {
|
|
122167
|
+
return typeof value === "object" && value !== null && value.kind === "prompt_injection_ref" && typeof value.id === "string";
|
|
122168
|
+
}
|
|
122169
|
+
|
|
122170
|
+
class StaticPromptInjectionLibrary {
|
|
122171
|
+
ordered;
|
|
122172
|
+
entries;
|
|
122173
|
+
hashes;
|
|
122174
|
+
constructor(entries) {
|
|
122175
|
+
this.ordered = entries;
|
|
122176
|
+
this.entries = new Map(entries.map((entry) => [entry.id, entry]));
|
|
122177
|
+
this.hashes = new Map(entries.map((entry) => [entry.id, sha256(entry.payload)]));
|
|
122178
|
+
}
|
|
122179
|
+
listCatalog() {
|
|
122180
|
+
return this.ordered.map(({ payload, payloadFilePath: _path, ...entry }) => ({
|
|
122181
|
+
...entry,
|
|
122182
|
+
payloadHash: sha256(payload)
|
|
122183
|
+
}));
|
|
122184
|
+
}
|
|
122185
|
+
getPayload(id) {
|
|
122186
|
+
return this.entries.get(id)?.payload;
|
|
122187
|
+
}
|
|
122188
|
+
getPayloadFilePath(id) {
|
|
122189
|
+
return this.entries.get(id)?.payloadFilePath;
|
|
122190
|
+
}
|
|
122191
|
+
getPayloadHash(id) {
|
|
122192
|
+
return this.hashes.get(id);
|
|
122193
|
+
}
|
|
122194
|
+
has(id) {
|
|
122195
|
+
return this.entries.has(id);
|
|
122196
|
+
}
|
|
122197
|
+
}
|
|
122198
|
+
var EMPTY_PROMPT_INJECTION_LIBRARY = new StaticPromptInjectionLibrary([]);
|
|
122199
|
+
var SOURCE_CACHE = new Map;
|
|
122200
|
+
function resolvePromptInjectionLibrarySource(explicit) {
|
|
122201
|
+
return explicit || process.env.PENSAR_PROMPT_INJECTION_LIBRARY || process.env.APEX_PROMPT_INJECTION_LIBRARY;
|
|
122202
|
+
}
|
|
122203
|
+
function resolveCatalogPath(source) {
|
|
122204
|
+
if (source.startsWith("https://") || source.startsWith("http://")) {
|
|
122205
|
+
throw new Error("Prompt injection library source must be a local path, not a URL.");
|
|
122206
|
+
}
|
|
122207
|
+
const path = source.startsWith("file://") ? source.slice(7) : source;
|
|
122208
|
+
const resolved = isAbsolute2(path) ? path : resolve2(process.cwd(), path);
|
|
122209
|
+
const stat = statSync2(resolved);
|
|
122210
|
+
if (stat.isDirectory()) {
|
|
122211
|
+
return { catalogPath: join14(resolved, "catalog.json"), root: resolved };
|
|
122212
|
+
}
|
|
122213
|
+
return { catalogPath: resolved, root: dirname5(resolved) };
|
|
122214
|
+
}
|
|
122215
|
+
function resolvePayloadPath(root, payloadPath) {
|
|
122216
|
+
if (isAbsolute2(payloadPath)) {
|
|
122217
|
+
throw new Error("Prompt injection payloadPath must be relative.");
|
|
122218
|
+
}
|
|
122219
|
+
const resolved = resolve2(root, payloadPath);
|
|
122220
|
+
const relativePath = relative(root, resolved);
|
|
122221
|
+
if (relativePath === ".." || relativePath.startsWith(`..${sep}`)) {
|
|
122222
|
+
throw new Error("Prompt injection payloadPath must stay within the library.");
|
|
122223
|
+
}
|
|
122224
|
+
return resolved;
|
|
122225
|
+
}
|
|
122226
|
+
function parsePromptInjectionLibrary(raw, root) {
|
|
122227
|
+
const parsed = PromptInjectionLibraryFileSchema.parse(JSON.parse(raw));
|
|
122228
|
+
const catalogEntries = Array.isArray(parsed) ? parsed : ("payloads" in parsed) ? parsed.payloads : parsed.injections;
|
|
122229
|
+
const entries = catalogEntries.map((entry) => {
|
|
122230
|
+
const payloadFile = resolvePayloadPath(root, entry.payloadPath);
|
|
122231
|
+
const payload = readFileSync3(payloadFile, "utf-8");
|
|
122232
|
+
const { payloadPath: _payloadPath, name, category, ...safeEntry } = entry;
|
|
122233
|
+
return {
|
|
122234
|
+
...safeEntry,
|
|
122235
|
+
name: name ?? entry.id,
|
|
122236
|
+
category: category ?? "uncategorized",
|
|
122237
|
+
payload,
|
|
122238
|
+
payloadFilePath: payloadFile
|
|
122239
|
+
};
|
|
122240
|
+
});
|
|
122241
|
+
return new StaticPromptInjectionLibrary(entries);
|
|
122242
|
+
}
|
|
122243
|
+
async function readSource(source) {
|
|
122244
|
+
if (source.startsWith("https://") || source.startsWith("http://")) {
|
|
122245
|
+
throw new Error("Prompt injection library source must be a local path, not a URL.");
|
|
122246
|
+
}
|
|
122247
|
+
const { catalogPath, root } = resolveCatalogPath(source);
|
|
122248
|
+
return parsePromptInjectionLibrary(readFileSync3(catalogPath, "utf-8"), root);
|
|
122249
|
+
}
|
|
122250
|
+
async function loadPromptInjectionLibrary(source) {
|
|
122251
|
+
let cached2 = SOURCE_CACHE.get(source);
|
|
122252
|
+
if (!cached2) {
|
|
122253
|
+
cached2 = readSource(source).catch((err) => {
|
|
122254
|
+
SOURCE_CACHE.delete(source);
|
|
122255
|
+
throw err;
|
|
122256
|
+
});
|
|
122257
|
+
SOURCE_CACHE.set(source, cached2);
|
|
122258
|
+
}
|
|
122259
|
+
return cached2;
|
|
122260
|
+
}
|
|
122261
|
+
async function getPromptInjectionLibrary(opts) {
|
|
122262
|
+
if (opts?.library)
|
|
122263
|
+
return opts.library;
|
|
122264
|
+
const source = resolvePromptInjectionLibrarySource(opts?.source);
|
|
122265
|
+
if (!source)
|
|
122266
|
+
return EMPTY_PROMPT_INJECTION_LIBRARY;
|
|
122267
|
+
return loadPromptInjectionLibrary(source);
|
|
122268
|
+
}
|
|
122269
|
+
function resolvePromptInjectionRefs(value, library) {
|
|
122270
|
+
if (isPromptInjectionRef(value)) {
|
|
122271
|
+
const payload = library.getPayload(value.id);
|
|
122272
|
+
if (!payload)
|
|
122273
|
+
throw new Error(`Unknown prompt injection id: ${value.id}`);
|
|
122274
|
+
return payload;
|
|
122275
|
+
}
|
|
122276
|
+
if (Array.isArray(value)) {
|
|
122277
|
+
return value.map((item) => resolvePromptInjectionRefs(item, library));
|
|
122278
|
+
}
|
|
122279
|
+
if (typeof value === "object" && value !== null) {
|
|
122280
|
+
const resolved = {};
|
|
122281
|
+
for (const [key, nested] of Object.entries(value)) {
|
|
122282
|
+
resolved[key] = resolvePromptInjectionRefs(nested, library);
|
|
122283
|
+
}
|
|
122284
|
+
return resolved;
|
|
122285
|
+
}
|
|
122286
|
+
return value;
|
|
122287
|
+
}
|
|
122288
|
+
function redactPromptInjectionPayloads(value, library) {
|
|
122289
|
+
let redacted = value;
|
|
122290
|
+
for (const entry of library.listCatalog()) {
|
|
122291
|
+
const payload = library.getPayload(entry.id);
|
|
122292
|
+
if (!payload)
|
|
122293
|
+
continue;
|
|
122294
|
+
redacted = redacted.split(payload).join(`[PROMPT_INJECTION:${entry.id}]`);
|
|
122295
|
+
}
|
|
122296
|
+
return redacted;
|
|
122297
|
+
}
|
|
122298
|
+
|
|
122299
|
+
// src/core/agents/offSecAgent/tools/executeCommand.ts
|
|
122346
122300
|
var MAX_INLINE = 50000;
|
|
122347
122301
|
var MS_TIMEOUT_THRESHOLD = 1e4;
|
|
122348
122302
|
var DEFAULT_PROMPT_INJECTION_FILE_ENV = "APEX_PROMPT_INJECTION_FILE";
|
|
@@ -124412,7 +124366,7 @@ should be passed directly to spawn_pentest_swarm for deep testing.`,
|
|
|
124412
124366
|
});
|
|
124413
124367
|
if (cwd) {
|
|
124414
124368
|
try {
|
|
124415
|
-
const { WhiteboxAttackSurfaceAgent } = await import("./index-
|
|
124369
|
+
const { WhiteboxAttackSurfaceAgent } = await import("./index-5h1hjhzw.js");
|
|
124416
124370
|
const localBus = new AgentEventBus;
|
|
124417
124371
|
AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
|
|
124418
124372
|
const agent = new WhiteboxAttackSurfaceAgent({
|
|
@@ -124462,7 +124416,7 @@ should be passed directly to spawn_pentest_swarm for deep testing.`,
|
|
|
124462
124416
|
}
|
|
124463
124417
|
}
|
|
124464
124418
|
try {
|
|
124465
|
-
const { BlackboxAttackSurfaceAgent } = await import("./blackboxAgent-
|
|
124419
|
+
const { BlackboxAttackSurfaceAgent } = await import("./blackboxAgent-vwm9t3h4.js");
|
|
124466
124420
|
const localBus = new AgentEventBus;
|
|
124467
124421
|
AgentEventBus.attachChild(localBus, ctx.eventBus, subagentId);
|
|
124468
124422
|
const agent = new BlackboxAttackSurfaceAgent({
|
|
@@ -124540,7 +124494,7 @@ Omit \`cwd\` for blackbox mode (live target probing only).`,
|
|
|
124540
124494
|
toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
|
|
124541
124495
|
}),
|
|
124542
124496
|
execute: async ({ target, cwd }) => {
|
|
124543
|
-
const { runPentestWorkflow: workflow } = await import("./pentest-
|
|
124497
|
+
const { runPentestWorkflow: workflow } = await import("./pentest-1e30q7rs.js");
|
|
124544
124498
|
if (!ctx.model) {
|
|
124545
124499
|
return {
|
|
124546
124500
|
success: false,
|
|
@@ -126116,7 +126070,7 @@ Returns an array of results with the text output from each agent.`,
|
|
|
126116
126070
|
});
|
|
126117
126071
|
}
|
|
126118
126072
|
async function runSingleCodingAgent(ctx, codebasePath, objective, agentIndex, name) {
|
|
126119
|
-
const { CodeAgent } = await import("./agent-
|
|
126073
|
+
const { CodeAgent } = await import("./agent-8w9h3tnw.js");
|
|
126120
126074
|
const subagentId = `coding-agent-${agentIndex}`;
|
|
126121
126075
|
ctx.eventBus?.emit("subagent-spawn", {
|
|
126122
126076
|
subagentId,
|
|
@@ -126622,7 +126576,7 @@ Returns the worker's summary, objective results, and finding count — but NOT t
|
|
|
126622
126576
|
message: "spawn_pentest_agent requires a model in the tool context."
|
|
126623
126577
|
};
|
|
126624
126578
|
}
|
|
126625
|
-
const { TargetedPentestAgent } = await import("./agent-
|
|
126579
|
+
const { TargetedPentestAgent } = await import("./agent-vdrtakz4.js");
|
|
126626
126580
|
const findingsRegistry = ctx.findingsRegistry ?? FindingsRegistry.fromDirectory(ctx.session.findingsPath, {
|
|
126627
126581
|
model: ctx.model,
|
|
126628
126582
|
authConfig: ctx.authConfig,
|
|
@@ -126779,7 +126733,7 @@ Pass every target you want tested — the swarm handles concurrency automaticall
|
|
|
126779
126733
|
toolCallDescription: exports_external.string().describe("A concise, human-readable description of what this tool call is doing")
|
|
126780
126734
|
}),
|
|
126781
126735
|
execute: async ({ targets }) => {
|
|
126782
|
-
const { runPentestSwarm, DEFAULT_CONCURRENCY: DEFAULT_CONCURRENCY2 } = await import("./pentest-
|
|
126736
|
+
const { runPentestSwarm, DEFAULT_CONCURRENCY: DEFAULT_CONCURRENCY2 } = await import("./pentest-1e30q7rs.js");
|
|
126783
126737
|
if (!ctx.model) {
|
|
126784
126738
|
return {
|
|
126785
126739
|
success: false,
|